Proxy Usage: This capture did use an intermediate proxy.
RobotHash
- Infected host: 10.0.2.102
- Default GW: 10.0.2.1
started infected
Stopped win2.
Example of DNS requests:
551165.524933 C3g4OkyKMFazwOfWf 10.0.2.102 61992 8.8.8.8 53 udp 9424 - xivpx1403202.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
551166.611260 COgZ3Ieg1L4feK0K8 10.0.2.102 61344 8.8.8.8 53 udp 50451 - xivpx1403202.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
551169.724672 CPCMog40hBKV3CNpya 10.0.2.102 54704 8.8.8.8 53 udp 14208 - xivpx1403202.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
551173.724929 CPCMog40hBKV3CNpya 10.0.2.102 54704 8.8.8.8 53 udp 14208 - xivpx1403202.br.whoer.net 1 C_INTERNET 1 A - - F F
551170.720904 CugHMb4M0rsZ7hbvMg 10.0.2.102 54704 4.4.4.4 53 udp 14208 - xivpx1403202.br.whoer.net 1 C_INTERNET 1 A - - F F
551171.722160 CugHMb4M0rsZ7hbvMg 10.0.2.102 54704 4.4.4.4 53 udp 14208 - xivpx1403202.br.whoer.net 1 C_INTERNET 1 A - - F F
551173.725016 CugHMb4M0rsZ7hbvMg 10.0.2.102 54704 4.4.4.4 53 udp 14208 - xivpx1403202.br.whoer.net 1 C_INTERNET 1 A - - F F
808196.150642 CqwMV60BOnmu9GRo5 10.0.2.102 59060 8.8.8.8 53 udp 22940 - kpduo1403459.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
808196.491335 CBD1sQ3zkZlX01RjV7 10.0.2.102 60706 8.8.8.8 53 udp 5194 - kpduo1403459.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
808803.633797 CcUjWD1tOI0Dx85U5e 10.0.2.102 59177 8.8.8.8 53 udp 2408 - chgqz1403460.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
808803.909128 Cqac9P37rxoAyHztq4 10.0.2.102 61213 8.8.8.8 53 udp 14256 - chgqz1403460.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
808804.426798 CN8P7y3i12P1DhDPCd 10.0.2.102 57076 8.8.8.8 53 udp 48013 - chgqz1403460.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
808804.666229 CZlwBn2ARK61Ir6cxe 10.0.2.102 53778 8.8.8.8 53 udp 25208 - chgqz1403460.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
810224.561945 Cur8nK2U5EmlCLKlb4 10.0.2.102 51876 8.8.8.8 53 udp 39506 - nteze1403461.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
810224.894741 CMZNU34vCkQhQ0l2xd 10.0.2.102 53750 8.8.8.8 53 udp 51688 - nteze1403461.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
810269.407254 CfUrdS12IV61t3o2Qd 10.0.2.102 60284 8.8.8.8 53 udp 11167 - zrayy1403461.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
810269.459644 CdhR6Z3KV31AX4xabh 10.0.2.102 51857 8.8.8.8 53 udp 12018 - zrayy1403461.br.whoer.net 1 C_INTERNET 1 A 3 NXDOMAIN F
These files were generated in the Stratosphere Lab as part of the Malware Capture Facility Project at the CVUT University, Prague, Czech Republic. The goal is to store long-lived real botnet traffic and to generate labeled netflow files. If you have any questions, feel free to contact us: Sebastian Garcia: sebastian.garcia@agents.fel.cvut.cz
You are free to use these files as long as you reference this project and the authors as follows: Garcia, Sebastian. Malware Capture Facility Project. Retrieved from https://stratosphereips.org