Description

This capture was used as 'botnet1' for the IGI book chapter research.

http://www.threatexpert.com/report.aspx?md5=d60e538e721c30a0ea946404330f324a

Timeline

Mon Sept 7 22:36:12 ART 2009

Experiment 1

Description: Infected the vm. Pcap file: 192.168.3.104-unvirus.pcap tcpdump: tcpdump -n -s0 -i wlan0 -w 192.168.3.104-unvirus.pcap host 192.168.3.104 -v Started: Mon Sep 7 22:29:48 2009
Finished: Tue Sep 8 09:42:17 2009

Results: It was successfully infected. It started to scan for other hosts in the LAN. Usually the CC was down, but for some reason this time the CC answered.

Traffic Analysis