Index of /publicDatasets/CTU-Malware-Capture-Botnet-25-2

Name                                        Last modified      Size
Parent Directory                                               -
argus_bi.conf                               2013-11-06 15:43   20K
ralabel.conf                                2013-11-06 15:43   6.0K
ra.conf.publish                             2013-11-06 15:43   2.0K
ra.conf.analysis                            2013-11-06 15:44   2.0K
weblogs.filter                              2013-12-09 12:06   1.9K
2014-01-25_capture_win3.pcap                2014-01-31 17:34   75M
2014-01-25_capture_win3.rrd                 2014-01-31 17:37   181K
ralabel-flowfilter.conf                     2014-04-15 17:46   51K
2014-01-25_capture_win3.html                2015-06-01 15:15   9.1M
2014-01-25_capture_win3.json                2015-06-01 15:15   8.1M
2014-01-25_capture_win3.dnstop              2015-08-29 17:12   21K
2014-01-25_capture_win3.passivedns          2015-08-29 17:12   21K
2014-01-25_capture_win3.capinfos            2015-08-29 17:13   763
2014-01-25_capture_win3.biargus             2015-09-25 15:54   73M
2014-01-25_capture_win3.binetflow           2015-09-25 15:54   77M
e1090d7126dd88d0d1d39b68ea3aae11.exe.zip    2015-12-16 10:26   273K
README.md                                   2016-03-16 14:53   1.0K
2014-01-25_capture_win3.weblogng            2016-06-15 18:04   758K
2014-01-25_capture_win3.tcpdstat            2017-01-15 16:53   1.9K
fast-flux-dga-first-analysis.txt            2017-01-16 08:19   130K
README.html                                 2017-01-16 08:19   1.4K
bro/                                        2017-08-31 09:45   -
Description

Probable Name: Zbot at first, then probably others.
Binary used: yL0T.exe
MD5: e1090d7126dd88d0d1d39b68ea3aae11
SHA1: e0513664515eacc65e9530afe665619f2bce3802
SHA256: 3fc6bef5eac0656be77f8e96f2b7e08cadb418c11430e8c3d53b33788a93c86a
VirusTotal / HybridAnalysis / RobotHash

Infected Machines:
  Windows Name: Win3, IP: 10.0.2.103

Duration: 6.15 days

Analysis of DNS connections
  10.0.2.103-4.4.4.4-53-udp (From-Botnet-UDP-DNS-DGA-11): 43 flows
  10.0.2.103-8.8.8.8-53-udp (From-Botnet-UDP-DNS-DGA-12): at least 3000 flows

Timeline
  Sat, 25 Jan 2014 13:01:41 GMT: Infected (approx)
  Fri, 31 Jan 2014 16:40:53 GMT: Stopped (approx)