Name | Last modified | Size | Description
---|---|---|---
Parent Directory | | - |
2b48789d9272700de5405bf9a9c05204.zip | 2018-03-27 19:34 | 264K |
2018-03-27_win3.capture1.capinfos | 2022-07-14 15:19 | 1.1K |
2018-03-27_win3.capture1.dnstop | 2022-07-14 15:17 | 4.8K |
2018-03-27_win3.capture1.pcap | 2022-07-14 15:08 | 67M |
2018-03-27_win3.rrd | 2018-03-27 19:22 | 8.0M |
README.html | 2022-07-14 15:19 | 4.4K |
README.md | 2022-07-14 15:22 | 3.1K |
bro/ | 2022-08-27 13:02 | - |
labels.config | 2022-08-28 20:24 | 1.9K |
old-to-delete/ | 2022-07-14 15:17 | - |
suricata/ | 2022-07-14 15:19 | - |
Probable Name: Trickbot
MD5: 2b48789d9272700de5405bf9a9c05204
SHA1: 0d7c3aba2f525060faa04ed7d93794e2c08983e4
SHA256: d44543259ac4c83e4f3a8ded001aff1cbe19a26269835d68754d9a48cc3a31be
Password of zip file: infected
Duration: 34 days 19:11:46.
Proxy Usage: This capture did use an intermediate proxy.
- Infected host: 192.168.113
- Default GW: 192.168.1.2
The MAC 08:00:27:11:4e:fa belongs to these IPs:
- 192.168.1.113
- fd2d:ab8c:225:0:ac13:6a8c:41cc:1f02
- fd2d:ab8c:225:0:a592:be17:3cd:bad
- fd2d:ab8c:225:0:e892:3cb9:ebe2:60b5
- fd2d:ab8c:225:0:d815:735f:8357:3769
The same MAC is used for other IPs. Move these IPs to another capture:
- 192.168.1.130
- fd2d:ab8c:225:0:1d3:35e9:7d97:2325
- fd2d:ab8c:225:0:50fe:fa0b:79ca:ceb0
- fd2d:ab8c:225:0:10f4:64e2:5483:1856
started win3
infected
power off
These files were generated in the Stratosphere Lab as part of the Malware Capture Facility Project at the CVUT University, Prague, Czech Republic. The goal is to store long-lived real botnet traffic and to generate labeled netflow files. If you have any questions, feel free to contact us: Sebastian Garcia: sebastian.garcia@agents.fel.cvut.cz
You are free to use these files as long as you reference this project and the authors as follows: Garcia, Sebastian. Malware Capture Facility Project. Retrieved from https://stratosphereips.org