Name | Last modified | Size | Description
---|---|---|---
Parent Directory | | - |
training-capture-006.jpg | 2019-08-06 17:11 | 2.8M |
README.html | 2017-10-30 21:43 | 2.3K |
README.md | 2017-10-30 21:43 | 1.6K |
bro/ | 2017-08-31 09:45 | - |
fast-flux-dga-first-analysis.txt | 2017-01-13 14:10 | 35K |
2016-09-26_win7.mitm.weblog | 2016-12-05 22:14 | 5.7M |
2016-09-26_win7.netflow5 | 2016-11-08 21:17 | 32M |
2016-09-26_win7.binetflow | 2016-09-26 18:13 | 513M |
2016-09-26_win7.biargus | 2016-09-26 18:12 | 491M |
9597fc80f793bbeceed69be9b1344fdb.exe.zip | 2016-09-26 17:59 | 200K |
2016-09-26_win7.tcpdstat | 2016-09-26 17:53 | 2.0K |
2016-09-26_win7.weblogng | 2016-09-26 17:53 | 232 |
2016-09-26_win7.capinfos | 2016-09-26 17:53 | 1.1K |
2016-09-26_win7.passivedns | 2016-09-26 17:50 | 74K |
2016-09-26_win7.dnstop | 2016-09-26 17:50 | 19K |
2016-09-26_win7.rrd | 2016-09-26 17:40 | 8.0M |
2016-09-26_win7.pcap | 2016-09-26 17:37 | 1.0G |
mitm.out | 2016-09-26 17:37 | 96M |
Duration : 24 days 03:52:22.
RobotHash
- Infected host: 192.168.1.117
- Default GW: 192.168.1.2
started win7
executed the malware
nothing happened
executed the malware
nothing happened
start IE
The malware started alone!!!
The bot connected to port 443, but the domain is sinkholed: sinkhole-01.sinkhole.tech
power off