Index of /publicDatasets/CTU-Malware-Capture-Botnet-300-1

| Name | Last modified | Size |
|---|---|---|
| 20ae9e5f8f26635c627afce5eaeeb749af459f55138c80f29da9d787ecc38f92.zip | 2017-07-19 20:36 | 13M |
| BitTorrent-not-malware.zip | 2017-07-24 10:30 | 2.3M |
| Logins/ | 2017-08-13 12:59 | - |
| README.html | 2017-10-05 10:46 | 5.0K |
| README.md | 2017-10-05 10:46 | 3.9K |
| Win22-test.rrd | 2017-07-26 10:29 | 8.0M |
| bro/ | 2017-07-24 12:49 | - |
| capture_win22.biargus | 2017-07-24 13:40 | 2.4G |
| capture_win22.capinfos | 2017-07-24 13:04 | 1.1K |
| capture_win22.dnstop | 2017-07-24 10:38 | 23K |
| capture_win22.passivedns | 2017-07-24 10:46 | 170M |
| capture_win22.pcap | 2017-07-26 10:30 | 61G |
| capture_win22.tcpdstat | 2017-07-24 13:33 | 3.5K |
| fast-flux-dga-first-analysis.txt | 2017-07-24 21:35 | 94M |
| histogram-of-answers-code.txt | 2017-10-02 12:50 | 945 |
| histogram-of-answers.txt | 2017-10-02 12:37 | 23K |
| mitm.out | 2017-07-19 18:04 | 0 |
| otherpassw | 2017-07-19 21:43 | 1.9K |
| passwords.sites.2.md | 2017-07-19 21:21 | 610K |
| passwords.sites.md | 2017-07-19 21:16 | 594K |
| suricata/ | 2019-03-23 14:41 | - |
| win22-cpu-measurement-while-sending.png | 2017-07-22 12:12 | 98K |
| win22-infected.png | 2017-07-22 12:12 | 75K |

Description

Files

IP Addresses

- Infected host: 192.168.1.106
- Default GW: 192.168.1.2

Timeline

- Wed Jul 19 18:03:50 CEST 2017: started win22
- Wed Jul 19 18:12:34 CEST 2017: uninstalled Guest Additions
- Wed Jul 19 18:13:01 CEST 2017: Windows restarted after the uninstall
- Wed Jul 19 18:15:09 CEST 2017: installed BitTorrent
- Wed Jul 19 18:16:18 CEST 2017: quit Skype
- Wed Jul 19 18:17:36 CEST 2017: BitTorrent started automatically and accessed some web pages (cdn.bitmedianetwork.com and www.bittorrent.com)
- Wed Jul 19 18:18:29 CEST 2017: quit BitTorrent
- Wed Jul 19 18:20:16 CEST 2017: infected

First POST request, as printed by tcpdump (the 1970-01-01 date is a timestamp artifact of the tool, not the wall-clock time of the request; the wall-clock time of infection is the CEST entry above):

```
1970-01-01 02:13:34.869499 IP 192.168.1.106.49217 > 52.30.100.116.80: Flags [P.], seq 1:216, ack 1, win 16425, length 215: HTTP: POST /?v=2.0&subver=6.21&pcrc=1512548532 HTTP/1.1
```

- Approx. Wed, 26 Jul 2017 08:30:09 GMT: powered off
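The first-POST line above is the shape of the C2 beacon to look for in the rest of the capture. The following is an added example, not part of the original README or the Stratosphere project's code: it parses tcpdump-style lines (such as those produced by `tcpdump -nn -tttt -r capture_win22.pcap 'host 192.168.1.106 and tcp port 80'`), keeps only HTTP POSTs sent by the infected host, parses the query-string parameters (`v`, `subver`, `pcrc`) and counts identical beacons per destination. The sample lines are constructed for the example; only the first one is the line from the timeline, and the `192.0.2.10` destination and the response/GET lines are invented.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample of tcpdump output. Only the first line is from the README
# timeline; the other lines (and the 192.0.2.10 host) are invented for this example.
SAMPLE_LINES = """\
1970-01-01 02:13:34.869499 IP 192.168.1.106.49217 > 52.30.100.116.80: Flags [P.], seq 1:216, ack 1, win 16425, length 215: HTTP: POST /?v=2.0&subver=6.21&pcrc=1512548532 HTTP/1.1
1970-01-01 02:13:35.102233 IP 52.30.100.116.80 > 192.168.1.106.49217: Flags [P.], seq 1:412, ack 216, win 235, length 411: HTTP: HTTP/1.1 200 OK
1970-01-01 02:14:01.000123 IP 192.168.1.106.49230 > 192.0.2.10.80: Flags [P.], seq 1:120, ack 1, win 16425, length 119: HTTP: GET /index.html HTTP/1.1
1970-01-01 02:15:34.870001 IP 192.168.1.106.49251 > 52.30.100.116.80: Flags [P.], seq 1:216, ack 1, win 16425, length 215: HTTP: POST /?v=2.0&subver=6.21&pcrc=1512548532 HTTP/1.1
"""

# Matches tcpdump's "-nn -tttt" HTTP request line: timestamp, src.port > dst.port, flags,
# payload length, then the request line. Responses ("HTTP: HTTP/1.1 200 OK") do not match
# because the method must be followed by a space and a request target.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): .*?length (?P<len>\d+): HTTP: "
    r"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/1\.[01]$"
)


def extract_beacons(lines, infected_host="192.168.1.106"):
    """Return the HTTP POST requests sent by infected_host, with the query string parsed."""
    beacons = []
    for line in lines.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["src"] != infected_host or m["method"] != "POST":
            continue
        parts = urlsplit(m["target"])
        # parse_qs returns lists; the beacon sends each parameter once, so take the first.
        params = {k: v[0] for k, v in parse_qs(parts.query).items()}
        beacons.append({
            "ts": m["ts"],
            "dst": m["dst"],
            "dport": int(m["dport"]),
            "length": int(m["len"]),
            "path": parts.path,
            "params": params,
        })
    return beacons


def summarize(beacons):
    """Count identical (dst, path, sorted params) tuples.

    A fixed set of parameters repeated to the same server is the beacon signature;
    the count per key is how often the bot checked in within the parsed window.
    """
    counts = {}
    for b in beacons:
        key = (b["dst"], b["path"], tuple(sorted(b["params"].items())))
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    found = extract_beacons(SAMPLE_LINES)
    for b in found:
        print(b["ts"], b["dst"], b["dport"], b["path"], b["params"])
    for (dst, path, params), n in summarize(found).items():
        print(f"{dst}{path} {dict(params)} seen {n} time(s)")
```

Run against real tcpdump output of `capture_win22.pcap`, the same two functions separate the C2 check-ins from the BitTorrent and browser traffic the timeline records before the infection; changing `infected_host` or extending the method filter covers other datasets in the same collection.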

Disclaimer

These files were generated in the Stratosphere Lab as part of the Malware Capture Facility Project at CVUT (Czech Technical University), Prague, Czech Republic. The goal is to store long-lived real botnet traffic and to generate labeled NetFlow files. For any questions, feel free to contact us: Sebastian Garcia: sebastian.garcia@agents.fel.cvut.cz

You are free to use these files as long as you reference this project and the authors as follows: Garcia, Sebastian. Malware Capture Facility Project. Retrieved from https://stratosphereips.org