Index of /publicDatasets/CTU-Malware-Capture-Botnet-169-3

| Name | Last modified | Size |
|---|---|---|
| Parent Directory | | - |
| bro/ | 2017-08-31 09:45 | - |
| 2016-08-03_win4.capinfos | 2016-09-03 11:12 | 1.1K |
| README.md | 2017-05-30 15:13 | 1.7K |
| 2016-08-03_win4.tcpdstat | 2016-09-03 16:46 | 2.1K |
| README.html | 2017-05-30 15:13 | 2.3K |
| domains-requested.md | 2017-06-29 17:08 | 7.0K |
| 2016-08-03_win4.dnstop | 2016-09-03 11:11 | 25K |
| e12a2c2b633ac12cec3e0d32950dcd5011d2aba4a9b95506c0fd3913446d7c22_miuref.exe.zip | 2016-09-03 11:09 | 87K |
| 2016-08-03_win4.passivedns | 2016-09-03 11:11 | 355K |
| 2016-08-03_win4.netflow5 | 2016-11-04 15:14 | 3.4M |
| 2016-08-03_win4.weblogng | 2016-09-03 11:12 | 5.8M |
| 2016-08-03_win4.rrd | 2016-08-11 23:59 | 8.0M |
| 2016-08-03_win4.biargus | 2016-09-03 11:12 | 23M |
| 2016-08-03_win4.binetflow | 2016-09-03 11:12 | 24M |
| 2016-08-03_win4.html | 2016-09-03 11:14 | 84M |
| 2016-08-03_win4.json | 2016-09-03 11:14 | 139M |
| 2016-08-03_win4.pcap | 2016-08-11 23:59 | 211M |

Description

Files

IP Addresses

- Infected host: 192.168.1.114
- Default GW: 192.168.1.2

Timeline

- Wed Aug 3 20:41:06 CEST 2016: started win4
- Wed Aug 3 20:43:42 CEST 2016: infected
- Thu Aug 11 12:59:00 CEST 2016: power off

Analysis

The malware connects to its servers on port 443/TCP, but the traffic is not TLS or SSL.