Index of /publicDatasets/CTU-Malware-Capture-Botnet-208-1

[ICO]NameLast modifiedSizeDescription

[PARENTDIR]Parent Directory  -  
[   ]2016-12-12_win18.biargus2016-12-12 15:59 69M 
[   ]2016-12-12_win18.binetflow2016-12-12 15:59 42M 
[   ]2016-12-12_win18.binetflow.5s2017-05-05 18:45 3.4M 
[   ]2016-12-12_win18.capinfos2016-12-12 15:58 1.1K 
[   ]2016-12-12_win18.dnstop2016-12-12 15:58 23K 
[TXT]2016-12-12_win18.html2016-12-13 23:29 69M 
[   ]2016-12-12_win18.json2016-12-13 23:29 78M 
[   ]2016-12-12_win18.mitm.weblog2016-12-12 16:00 22M 
[   ]2016-12-12_win18.passivedns2016-12-12 15:58 345K 
[   ]2016-12-12_win18.pcap2016-12-05 09:57 417M 
[   ]2016-12-12_win18.rrd2016-12-05 09:57 8.0M 
[   ]2016-12-12_win18.tcpdstat2016-12-12 15:59 2.3K 
[   ]2016-12-12_win18.weblogng2016-12-12 15:58 9.1M 
[TXT]README.html2017-06-30 09:57 2.5K 
[TXT]README.md2017-06-30 09:57 1.9K 
[TXT]README3.html2017-01-16 22:01 9.3K 
[   ]e1557810adb59597366d167efcd85a09d0ae2827f49ef6b8e6a459e56d6e1292.exe.zip2016-12-12 16:11 2.2M 
[TXT]fast-flux-dga-first-analysis.txt2017-01-13 11:21 129K 
[TXT]first.html2017-01-16 21:38 700  
[   ]http.log2017-01-16 20:36 9.5M 
[   ]mitm.out2016-12-05 09:55 132M 
[TXT]second.html2017-01-16 21:29 296  
[DIR]suricata/2019-03-23 14:42 -  
[TXT]vis-network.min.css2017-01-15 13:08 15K 
[   ]vis.js2017-01-15 13:08 1.6M 

Description

Files

IP Addresses

- Infected host: 192.168.1.128
    - IPv6 local address: fd2d:ab8c:225:0:512:a519:bb75:80ea
- Default GW: 192.168.1.2

Timeline

Tue Nov 8 15:31:07 CET 2016

started win18

Tue Nov 8 15:34:17 CET 2016

infected

162.247.242.19: VT: https://www.virustotal.com/en/ip-address/162.247.242.19/information/ PS: Two domains. Not good reputation bam.nr-data.net Periodic: Long:

Mon Dec 5 09:57:30 CET 2016

power off