Name | Last modified | Size | Description
---|---|---|---
Parent Directory | | - |
2014-06-30_capture-win2.biargus | 2017-01-16 10:11 | 3.5M |
2014-06-30_capture-win2.binetflow | 2017-01-16 10:11 | 1.5M |
2014-06-30_capture-win2.capinfos | 2017-01-16 10:11 | 1.1K |
2014-06-30_capture-win2.dnstop | 2017-01-16 10:11 | 20K |
2014-06-30_capture-win2.html | 2018-03-14 13:11 | 66M |
2014-06-30_capture-win2.json | 2018-03-14 13:11 | 121M |
2014-06-30_capture-win2.passivedns | 2017-01-16 10:11 | 441K |
2014-06-30_capture-win2.pcap | 2014-06-30 09:25 | 368M |
2014-06-30_capture-win2.rrd | 2014-06-30 11:01 | 8.0M |
2014-06-30_capture-win2.tcpdstat | 2017-01-16 10:11 | 2.1K |
2014-06-30_capture-win2.weblogng | 2016-06-15 17:38 | 1.3M |
README.html | 2018-03-14 13:04 | 5.8K |
README.md | 2018-03-14 13:04 | 6.3K |
bro/ | 2018-03-14 12:54 | - |
suricata/ | 2019-03-23 14:42 | - |
Proxy Usage: This capture did use an intermediate proxy.
RobotHash
- Infected host: 10.0.2.102
- Default GW: 10.0.2.1
started infected
Stopped win2.
Example of DNS requests:

```
551165.524933 C3g4OkyKMFazwOfWf 10.0.2.102 61992 8.8.8.8 53 udp 9424 - xivpx1403202.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
551166.611260 COgZ3Ieg1L4feK0K8 10.0.2.102 61344 8.8.8.8 53 udp 50451 - xivpx1403202.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
551169.724672 CPCMog40hBKV3CNpya 10.0.2.102 54704 8.8.8.8 53 udp 14208 - xivpx1403202.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
551173.724929 CPCMog40hBKV3CNpya 10.0.2.102 54704 8.8.8.8 53 udp 14208 - xivpx1403202.br.whoer.net 1 C_INTERNET 1 A - - F F
551170.720904 CugHMb4M0rsZ7hbvMg 10.0.2.102 54704 4.4.4.4 53 udp 14208 - xivpx1403202.br.whoer.net 1 C_INTERNET 1 A - - F F
551171.722160 CugHMb4M0rsZ7hbvMg 10.0.2.102 54704 4.4.4.4 53 udp 14208 - xivpx1403202.br.whoer.net 1 C_INTERNET 1 A - - F F
551173.725016 CugHMb4M0rsZ7hbvMg 10.0.2.102 54704 4.4.4.4 53 udp 14208 - xivpx1403202.br.whoer.net 1 C_INTERNET 1 A - - F F
808196.150642 CqwMV60BOnmu9GRo5 10.0.2.102 59060 8.8.8.8 53 udp 22940 - kpduo1403459.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
808196.491335 CBD1sQ3zkZlX01RjV7 10.0.2.102 60706 8.8.8.8 53 udp 5194 - kpduo1403459.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
808803.633797 CcUjWD1tOI0Dx85U5e 10.0.2.102 59177 8.8.8.8 53 udp 2408 - chgqz1403460.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
808803.909128 Cqac9P37rxoAyHztq4 10.0.2.102 61213 8.8.8.8 53 udp 14256 - chgqz1403460.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
808804.426798 CN8P7y3i12P1DhDPCd 10.0.2.102 57076 8.8.8.8 53 udp 48013 - chgqz1403460.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
808804.666229 CZlwBn2ARK61Ir6cxe 10.0.2.102 53778 8.8.8.8 53 udp 25208 - chgqz1403460.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
810224.561945 Cur8nK2U5EmlCLKlb4 10.0.2.102 51876 8.8.8.8 53 udp 39506 - nteze1403461.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
810224.894741 CMZNU34vCkQhQ0l2xd 10.0.2.102 53750 8.8.8.8 53 udp 51688 - nteze1403461.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
810269.407254 CfUrdS12IV61t3o2Qd 10.0.2.102 60284 8.8.8.8 53 udp 11167 - zrayy1403461.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
810269.459644 CdhR6Z3KV31AX4xabh 10.0.2.102 51857 8.8.8.8 53 udp 12018 - zrayy1403461.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
```
These files were generated in the Stratosphere Lab as part of the Malware Capture Facility Project at CVUT University, Prague, Czech Republic. The goal is to store long-lived real botnet traffic and to generate labeled netflow files. For any questions, feel free to contact us: Sebastian Garcia: sebastian.garcia@agents.fel.cvut.cz
You are free to use these files as long as you reference this project and the authors as follows: Garcia, Sebastian. Malware Capture Facility Project. Retrieved from https://stratosphereips.org