Index of /publicDatasets/CTU-Normal-8-1

	Name	Last modified	Size	Description
	Parent Directory		-
	2016-09-13_win16.biargus	2016-09-13 16:59	80K
	2016-09-13_win16.binetflow	2016-09-13 16:59	83K
	2016-09-13_win16.capinfos	2016-09-13 16:59	1.1K
	2016-09-13_win16.dnstop	2016-09-13 16:59	3.6K
	2016-09-13_win16.mitm.weblog	2017-01-11 12:46	23K
	2016-09-13_win16.passivedns	2016-09-13 16:59	2.7K
	2016-09-13_win16.pcap	2016-09-13 16:48	660K
	2016-09-13_win16.rrd	2016-09-13 16:49	8.0M
	2016-09-13_win16.tcpdstat	2016-09-13 16:59	1.7K
	2016-09-13_win16.weblogng	2016-09-13 16:59	232
	Binetflows-per-hour/	2016-10-10 14:51	-
	README.html	2017-08-04 10:07	1.6K
	README.md	2017-08-04 10:07	1.0K
	bro/	2017-08-31 09:45	-
	mitm.out	2016-09-13 16:44	635K
	suricata/	2019-03-23 14:41	-

Description

• Probable Name: Normal Capture of a windows computer accessing https://www.facebook.com website with a mitmproxy
• MD5: -
• SHA1: -
• SHA256: -
• Password of zip file: -
• Duration: 19:08

Files

• .capinfos
  • Capinfos file
• .dnstop
  • DNS top file
• .mitm
  • Mitm proxy interception file of http and https
• .passivedns
  • Passive DNS file
• .pcap
  • Original pcap file
• .rrd
  • RRD file for graphs
• .weblogng
  • WEB log of http traffic
• .exe.zip
  • Original malware file
• bro
  • Folder with all the bro output files
• .biargus
  • Argus binary file with all the flows
• .binetflow
  • Argus text file with bidirectional flows. Report time 3600 secs.

IP Addresses

- Normal host: 192.168.1.126
    - Windows 7, Internet Explorer browser.
- Default GW: 192.168.1.2

Timeline

Tue Sep 13 16:30:21 CEST 2016

started win16

Tue Sep 13 16:32:51 CEST 2016

started IE

Tue Sep 13 16:33:03 CEST 2016

Access https://www.facebook.com

Tue Sep 13 16:50:09 CEST 2016 approx

power off