Index of /publicDatasets/CTU-Malware-Capture-Botnet-17-1

[ICO]        Name                                   Last modified      Size  Description

[PARENTDIR]  Parent Directory                                          -
[   ]        2013-09-09_capture-win18.biargus       2016-08-27 22:07   768K
[   ]        2013-09-09_capture-win18.binetflow     2016-08-27 22:07   796K
[   ]        2013-09-09_capture-win18.capinfos      2016-08-27 21:53   1.1K
[   ]        2013-09-09_capture-win18.dnstop        2016-08-27 21:53   6.0K
[TXT]        2013-09-09_capture-win18.html          2016-08-27 22:02   255M
[   ]        2013-09-09_capture-win18.json          2016-08-27 22:02   556M
[   ]        2013-09-09_capture-win18.passivedns    2016-08-27 21:53   24K
[   ]        2013-09-09_capture-win18.pcap          2013-09-09 14:02   254M
[   ]        2013-09-09_capture-win18.rrd           2013-12-09 18:09   181K
[   ]        2013-09-09_capture-win18.tcpdstat      2017-01-15 14:30   1.8K
[   ]        2013-09-09_capture-win18.weblogng      2016-08-27 21:53   139K
[TXT]        README.html                            2017-01-15 14:31   2.3K
[TXT]        README.md                              2016-08-27 21:58   1.7K
[   ]        SOLVE+ELEC.exe.zip                     2015-12-16 10:28   1.2M
[DIR]        bro/                                   2017-08-31 09:45   -
[TXT]        fast-flux-dga-first-analysis.txt       2017-01-15 14:31   25K

Description

Files

IP Addresses

- Infected hosts: Win7, IP: 10.0.2.118, Name: Win18

Timeline

Fri Aug 23 23:20:16 CEST 2013

Infected VM called win8. It asked me to install some files. It opened a zip file, but I did not execute the files inside the zip. Right now, after installing the exec, it kept downloading stuff. There were some HTTP connections...

Tue Aug 27 10:03:58 CEST 2013

The win8 seems to be pretty idle..., and it popped up a message to update foxreader. I will update it. It will download 28MB!

Fri Aug 30 18:15:03 CEST 2013

Infected Win18; IP 10.0.2.118.

An installation; download button pressed, and closed when the account window appeared.