Malware Capture Facility. Scenario CTU-Malware-Capture-Botnet-73

Sebastian Garcia. sebastian.garcia@agents.fel.cvut.cz

August 1, 2014

General Information about the scenario

Infected Machines:

Binary Used: Infected by accessing the web site www.magnetikum.cz

MD5: None

Probable Name: Unknown

Files

Details about the files used in this scenario.

1 Pcap file: 2014-05-16_capture-win15.pcap

1.1 Generic Info

1.2 Related Files

1.3 Weblogs

Description of the weblogs

1.4 Graphs of the traffic with RRD


Timeline

Thu May 15 10:24:02 CEST 2014 win15 started

Thu May 15 10:27:50 CEST 2014 infected with www.magnetikum.cz

It did not reboot, and it accessed completely different websites!

Fri May 16 09:48:48 CEST 2014 powered off because it was doing nothing!

File 2014-05-16_capture-win15.pcap

Traffic Analysis

Disclaimer

These files were generated as part of the Malware Capture Facility Project at the CTU University, Prague, Czech Republic. The goal of the project is to store long-lived real botnet traffic and to generate labeled netflow files. For any question, feel free to contact us at sebastian.garcia@agents.fel.cvut.cz.

You are free to use these files as long as you reference this project and the authors. See http://mcfp.felk.cvut.cz