Index of /publicDatasets/IoT-23-Dataset/IndividualScenarios/CTU-IoT-Malware-Capture-43-1

	Name	Last modified	Size	Description
	Parent Directory		-
	2019-01-10-19-22-51-192.168.1.198.pcap	2019-01-30 18:28	5.9G
	labeled/	2021-07-10 22:13	-
	2019-01-10-19-22-51-192.168.1.198.dnstop	2022-07-16 11:38	1.6K
	suricata/	2022-07-16 11:49	-
	README.md	2022-07-16 11:49	1.6K
	2019-01-10-19-22-51-192.168.1.198.capinfos	2022-07-16 11:51	1.1K
	bro/	2022-07-16 13:02	-
	README.html	2022-07-16 13:02	2.3K

IoT Lab Capture

• Description:

• Probable Malware Name: Mirai

• MD5: 6d2fa0dc9836cf1944a925c6aa77519d

• SHA1: f1259f9b01b82cd754a48c47bd765656fa47b009

• SHA256: 9d5374b9f13ed32baf68aae86d88f44b2d2a58400e1dce276b317d7b43abbd08

• Password of zip file: infected

• Duration: 3930.459239 seconds

• VirusTotal

• HybridAnalysis

• RobotHash

Description of Files

• .capinfos
  • Capinfos file
• .dnstop
  • DNS top file
• .passivedns
  • Passive DNS file
• .pcap
  • Original pcap file
• bro
  • Folder with all the bro output files

IP Addresses

- Infected device: 192.168.1.198
- Default GW: 192.168.1.1

Generic Dataset name: CTU-IoT-Malware-Capture-43

Origin device: RPi-05

Timeline

Start. 2018/01/10

## Thu Jan 10 19:22:33 CET 2019

Poweroff

##Thu Jan 10 20:27:33 CET 2019

Disclaimer

These files were generated in the Stratosphere Laboratory as part of the Aposemat Project for collecting IoT malware captures Done in the CVUT University, Prague, Czech Republic. The goal is to store long-lived real iot malware traffic and to generate labeled netflows files. Any question feel free to contact us at: Sebastian Garcia: sebastian.garcia@agents.fel.cvut.cz

You need authorization from the Stratosphere Lab to use these files.

Suricata run with rules updated on 2022-07-16