Index of /publicDatasets/CTU-Malware-Capture-Botnet-73

[ICO]        Name                                 Last modified     Size  Description

[PARENTDIR]  Parent Directory                                       -
[   ]        2014-05-16_capture-win15.biargus     2014-08-01 16:02  121K
[   ]        2014-05-16_capture-win15.binetflow   2014-08-01 16:03  43K
[   ]        2014-05-16_capture-win15.capinfo     2014-08-01 15:58  764
[   ]        2014-05-16_capture-win15.capinfos    2017-01-16 10:38  1.1K
[   ]        2014-05-16_capture-win15.dnstop      2017-01-16 10:38  3.6K
[   ]        2014-05-16_capture-win15.passivedns  2017-01-16 10:38  4.0K
[   ]        2014-05-16_capture-win15.pcap        2014-05-16 09:47  1.1M
[IMG]        2014-05-16_capture-win15.png         2014-08-01 16:44  96K
[   ]        2014-05-16_capture-win15.rrd         2014-05-16 09:48  8.0M
[   ]        2014-05-16_capture-win15.tcpdstat    2017-01-16 10:38  1.7K
[   ]        2014-05-16_capture-win15.uniargus    2017-01-16 10:38  356K
[   ]        2014-05-16_capture-win15.uninetflow  2017-01-16 10:38  176K
[   ]        2014-05-16_capture-win15.weblogng    2016-06-15 17:55  120K
[TXT]        README.html                          2014-08-01 16:48  5.7K
[   ]        README.pdf                           2014-08-01 16:48  179K
[TXT]        README.tex                           2014-08-04 15:17  2.9K
[DIR]        bro/                                 2017-01-16 10:38  -
[TXT]        fast-flux-dga-first-analysis.txt     2017-01-16 10:38  4.0K

Malware Capture Facility. Scenario CTU-Malware-Capture-Botnet-73

Sebastian Garcia.

August 1, 2014

General Information about the scenario

Infected Machines:

Binary Used: Infected by accessing the web site

MD5: None

Probable Name: Unknown


Details about the files used in this scenario.

1 Pcap file: 2014-05-16_capture-win15.pcap

1.1 Generic Info

1.2 Related Files

1.3 Weblogs

Description of the weblogs

1.4 Graphs of the traffic with RRD



Thu May 15 10:24:02 CEST 2014 win15 started

Thu May 15 10:27:50 CEST 2014 infected with

It did not reboot! And it accessed completely different websites!

Fri May 16 09:48:48 CEST 2014 poweroff because it was doing nothing!

File 2014-05-16_capture-win15.pcap

Traffic Analysis


These files were generated as part of the Malware Capture Facility Project at the CTU University, Prague, Czech Republic. The goal of the project is to store long-lived real botnet traffic and to generate labeled netflow files. For any question, feel free to contact us to

You are free to use these files as long as you reference this project and the authors. See