Index of /publicDatasets/CTU-Malware-Capture-Botnet-169-3

Name	Last modified	Size

Parent Directory		-
bro/	2017-08-31 09:45	-
2016-08-03_win4.capinfos	2016-09-03 11:12	1.1K
README.md	2017-05-30 15:13	1.7K
2016-08-03_win4.tcpdstat	2016-09-03 16:46	2.1K
README.html	2017-05-30 15:13	2.3K
domains-requested.md	2017-06-29 17:08	7.0K
2016-08-03_win4.dnstop	2016-09-03 11:11	25K
e12a2c2b633ac12cec3e0d32950dcd5011d2aba4a9b95506c0fd3913446d7c22_miuref.exe.zip	2016-09-03 11:09	87K
2016-08-03_win4.passivedns	2016-09-03 11:11	355K
2016-08-03_win4.netflow5	2016-11-04 15:14	3.4M
2016-08-03_win4.weblogng	2016-09-03 11:12	5.8M
2016-08-03_win4.rrd	2016-08-11 23:59	8.0M
2016-08-03_win4.biargus	2016-09-03 11:12	23M
2016-08-03_win4.binetflow	2016-09-03 11:12	24M
2016-08-03_win4.html	2016-09-03 11:14	84M
2016-08-03_win4.json	2016-09-03 11:14	139M
2016-08-03_win4.pcap	2016-08-11 23:59	211M

Description

.capinfos
- Capinfos file
.dnstop
- DNS top file
.mitm
- Mitm proxy interception file of http and https
.passivedns
- Passive DNS file
.pcap
- Original pcap file
.rrd
- RRD file for graphs
.weblogng
- WEB log of http traffic
.exe.zip
- Original malware file
bro
- Folder with all the bro output files
.biargus
- Argus binary file with all the flows
.binetflow
- Argus text file with bidirectional flows. Report time 3600 secs.
.uniargus
- Argus binary file. Unidirectional flows, 5s of report time.
.uninetflow
- Argus text file with unidirectional flows. Report time 5 secs. TAB as column separator.

- Infected host: 192.168.1.114
- Default GW: 192.168.1.2

started win4

infected

power off

The malware connects to servers using the port 443/TCP, but the traffic is not TLS or SSL.