Index of /publicDatasets/CTU-Malware-Capture-Botnet-67-3

| Name | Last modified | Size |
|---|---|---|
| Parent Directory | | - |
| 2014-06-30_capture-win14.capinfos | 2022-08-25 16:50 | 1.1K |
| 2014-06-30_capture-win14.dnstop | 2022-08-25 16:48 | 15K |
| 2014-06-30_capture-win14.pcap | 2022-08-25 16:48 | 242M |
| 2014-06-30_capture-win14.rrd | 2014-06-30 12:42 | 8.0M |
| README.html | 2022-08-25 16:50 | 1.5K |
| README.md | 2022-08-25 17:03 | 2.6K |
| bro/ | 2022-08-25 16:49 | - |
| suricata/ | 2022-08-25 16:50 | - |

# Description

- Probable name: Cridex
- This is a capture made in a home environment using two VirtualBox Windows VMs
- Infected VMs:
  - First VM
    - Name: Tiny71
    - IP: 192.168.0.150
  - Second VM
    - Name: Tiny72
    - IP: 192.168.0.151
- MD5: Cridex
- SHA1: 8101d94701466153c6407ca90d9b24c6b959a169
- SHA256: e43a7da30d7bdbec0919090d3a7419cafc781bb9bb6051b180f4776ce9025526
- Filename: 54bc2102bbfa0cd23d30b086082887f3.exe

## Timeline

Sun Feb 23 09:20:09 CET 2014

started win14

Sun Feb 23 09:21:23 CET 2014

infected win14 with ../../../malware-to-test/shared-folder/54bc2102bbfa0cd23d30b086082887f3.exe: PE32 executable (GUI) Intel 80386, for MS Windows

Mon Apr 7 10:17:23 CEST 2014

Huge powerdown on Sun 06, at 10am… powering up now.

Thu May 29 17:45:45 CEST 2014

reset pcap in win14 because of full disk

Fri Jun 6 09:14:13 CEST 2014

Jin ran out of space. I stopped it without disinfecting. The pcap is safe.

Fri Jun 13 11:15:29 CEST 2014

started win14 infected

Mon Jun 30 09:49:31 CEST 2014

poweroff because of change of IP in Jin. Still infected.

Suricata was run with rules updated on 2022-08-25.