Index of /publicDatasets/CTU-Malware-Capture-Botnet-90

[ICO]NameLast modifiedSizeDescription

[PARENTDIR]Parent Directory  -  
[   ]192.168.3.104-unvirus.pcap2009-09-08 14:42 13M 
[   ]192.168.3.104-unvirus.biargus2016-01-27 14:33 5.5M 
[   ]192.168.3.104-unvirus.binetflow2016-01-27 14:33 2.0M 
[TXT]192.168.3.104-unvirus.html2016-01-27 14:43 365K 
[   ]192.168.3.104-unvirus.report.pdf2014-04-09 17:39 21K 
[   ]192.168.3.104-unvirus.json2016-01-27 14:43 20K 
[TXT]README.html2017-01-16 09:33 3.5K 
[TXT]README.md2016-01-27 14:47 3.0K 
[   ]192.168.3.104-unvirus.tcpdstat2017-01-16 09:33 2.7K 
[TXT]fast-flux-dga-first-analysis.txt2017-01-16 09:33 2.3K 
[   ]192.168.3.104-unvirus.dnstop2016-01-27 14:42 2.3K 
[   ]192.168.3.104-unvirus.passivedns2016-01-27 14:42 1.7K 
[   ]192.weblogng2017-01-16 09:33 961  
[   ]192.168.3.104-unvirus.pcap.capinfos2012-05-29 01:08 769  
[   ]192.168.3.104-unvirus.capinfos2016-01-27 14:42 720  
[DIR]bro/2017-08-31 09:45 -  

Description

This capture was used as 'botnet1' for the IGI book chapter research.

http://www.threatexpert.com/report.aspx?md5=d60e538e721c30a0ea946404330f324a

Timeline

Mon Sept 7 22:36:12 ART 2009

Experiment 1

Description: Infected the vm. Pcap file: 192.168.3.104-unvirus.pcap tcpdump: tcpdump -n -s0 -i wlan0 -w 192.168.3.104-unvirus.pcap host 192.168.3.104 -v Started: Mon Sep 7 22:29:48 2009
Finished: Tue Sep 8 09:42:17 2009

Results: It was successfully infected. It started to scan for other hosts in the LAN. Usually the CC was down, but for some reason this time the CC answered.

Traffic Analysis