Description

• Probable Name: ?
• URL: https://goo.gl/NrGdrX
• MD5: Not applicable
• SHA1: Not applicable
• SHA256: Not applicable
• Duration 31 days, 6 hs

Files

• .capinfos
  • Capinfos file
• .dnstop
  • DNS top file
• .mitm
  • Mitm proxy interception file of http and https
• .passivedns
  • Passive DNS file
• .pcap
  • Original pcap file
• .rrd
  • RRD file for graphs
• .weblogng
  • WEB log of http traffic
• .exe.zip
  • Original malware file
• bro
  • Folder with all the bro output files
• .biargus
  • Argus binary file with all the flows
• .binetflow
  • Argus text file with bidirectional flows. Report time 3600 secs.

IP Addresses

- Infected host: 10.0.2.109
- Default GW: 10.0.2.1

Timeline

Sat Jun 11 01:28:28 CEST 2016

started win9

Sat Jun 11 01:30:10 CEST 2016

infected with https://goo.gl/NrGdrX

Small amount of traffic. Most of the capture is dhcp6

Tue Jul 12 07:29:02 CEST 2016

power off