Index of /publicDatasets/CTU-Malware-Capture-Botnet-73

Name	Last modified	Size

Parent Directory		-
2014-05-16_capture-win15.pcap	2014-05-16 09:47	1.1M
2014-05-16_capture-win15.rrd	2014-05-16 09:48	8.0M
2014-05-16_capture-win15.capinfo	2014-08-01 15:58	764
2014-05-16_capture-win15.biargus	2014-08-01 16:02	121K
2014-05-16_capture-win15.binetflow	2014-08-01 16:03	43K
2014-05-16_capture-win15.png	2014-08-01 16:44	96K
README.html	2014-08-01 16:48	5.7K
README.pdf	2014-08-01 16:48	179K
README.tex	2014-08-04 15:17	2.9K
2014-05-16_capture-win15.weblogng	2016-06-15 17:55	120K
2014-05-16_capture-win15.dnstop	2017-01-16 10:38	3.6K
2014-05-16_capture-win15.passivedns	2017-01-16 10:38	4.0K
bro/	2017-01-16 10:38	-
2014-05-16_capture-win15.capinfos	2017-01-16 10:38	1.1K
2014-05-16_capture-win15.tcpdstat	2017-01-16 10:38	1.7K
fast-flux-dga-first-analysis.txt	2017-01-16 10:38	4.0K

Malware Capture Facility. Scenario CTU-Malware-Capture-Botnet-73

Sebastian Garcia. sebastian.garcia@agents.fel.cvut.cz

August 1, 2014

General Information about the scenario

Infected Machines:

Windows XP Name: WIN1, IP: (Label: Botnet-V1 in the files)

Binary Used: Infected by accessing the web site www.magnetikum.cz

MD5: None

Probable Name: Unknown

Files

Details about the files used in this scenario.

1 Pcap file: 2014-05-16_capture-win15.pcap

1.1 Generic Info

Number of packets: 5283
File size: 1107 kB
Data size: 1023 kB
Capture duration: 84211 seconds
Start time: Thu Jan 1 01:00:00 1970
End time: Fri Jan 2 00:23:31 1970
Data byte rate: 12 bytes/s
Data bit rate: 97 bits/s
Average packet size: 193.70 bytes
Average packet rate: 0 packets/sec
Bidirectional flow size: 43KB
Amount of flows: 424

1.2 Related Files

file.netflow.labeled
file.png
This file is a plot of the mayor features of this traffic during his whole life time.
file.rrd
This file is an RRD file containing all the mayor features of the traffic so you can plot it or analyze it.
file.weblog
This file contains the web logs of the capture extracted by the command:
file.weblogng
These are the web logs, but each field is separated by a —.

1.3 Weblogs

Description of the weblogs

1.4 Graphs of the traffic with RRD

Timeline

Thu May 15 10:24:02 CEST 2014 win15 started

Thu May 15 10:27:50 CEST 2014 infected with www.magnetikum.cz

It did not rebooted! and it access completely diferent websites!

Fri May 16 09:48:48 CEST 2014 poweroff because it was doing nothing!

File 2014-05-16_capture-win15.pcap

Traffic Analysis

Disclaimer

These files were generated as part of the Malware Capture Facility Project in the CTU University, Prague, Czech Republic. The goal of the project is to store long-lived real botnet traffic and to generate labeled netflows files. Any question feel free to contact us to sebastian.garcia@agents.fel.cvut.cz.

You are free to use these files as long as you reference this project and the authors. See http://mcfp.felk.cvut.cz