Created
September 24, 2015 22:22
-
-
Save malwareforme/a68a8ec300e549f1f06f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2015-09-23 Angler EK | |
| ETPRO.Suri.2.0.8 | |
| 2015-09-23 02:32:39.09 UTC - 87.98.177.124:80 -> 192.168.26.10:1276 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Aug 31 2015 M1 | |
| 2015-09-23 02:32:39.09 UTC - 87.98.177.124:80 -> 192.168.26.10:1276 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Aug 31 2015 M2 | |
| 2015-09-23 02:32:39.09 UTC - 87.98.177.124:80 -> 192.168.26.10:1276 - ETPRO CURRENT_EVENTS Evil Redirector Leading to EK Aug 31 2015 M3 | |
| 2015-09-23 02:32:42.00 UTC - 192.168.26.10:1325 -> 62.109.5.133:80 - ETPRO CURRENT_EVENTS Angler Possible EK Landing URI Struct Jul 15 M3 T1 | |
| 2015-09-23 02:32:42.38 UTC - 62.109.5.133:80 -> 192.168.26.10:1325 - ETPRO CURRENT_EVENTS Angler EK Landing June 16 2015 M5 | |
| 2015-09-23 02:32:42.38 UTC - 62.109.5.133:80 -> 192.168.26.10:1325 - ETPRO CURRENT_EVENTS Angler EK Landing June 1 2015 | |
| 2015-09-23 02:32:42.38 UTC - 62.109.5.133:80 -> 192.168.26.10:1325 - ETPRO CURRENT_EVENTS Angler EK Landing Sep 22 2015 T1 M1 | |
| 2015-09-23 02:32:59.98 UTC - 192.168.26.10:1330 -> 216.156.211.8:80 - ET POLICY Outdated Windows Flash Version IE | |
| 2015-09-23 02:33:01.16 UTC - 192.168.26.10:1331 -> 172.231.67.163:80 - ET TROJAN Possible Bedep Connectivity Check | |
| 2015-09-23 02:33:01.38 UTC - 192.168.26.10:1340 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:32:42.81 UTC - 62.109.5.133:80 -> 192.168.26.10:1325 - ETPRO CURRENT_EVENTS Angler EK Landing June 1 2015 T1 | |
| 2015-09-23 02:32:44.85 UTC - 62.109.5.133:80 -> 192.168.26.10:1325 - ETPRO CURRENT_EVENTS Angler EK Landing June 16 2015 M5 | |
| 2015-09-23 02:32:44.85 UTC - 62.109.5.133:80 -> 192.168.26.10:1325 - ETPRO CURRENT_EVENTS Angler EK Landing June 1 2015 | |
| 2015-09-23 02:32:44.85 UTC - 62.109.5.133:80 -> 192.168.26.10:1325 - ETPRO CURRENT_EVENTS Angler EK Landing June 1 2015 T1 | |
| 2015-09-23 02:32:45.06 UTC - 192.168.26.10:1325 -> 62.109.5.133:80 - ETPRO CURRENT_EVENTS Angler EK Flash Exploit (IE) Jun 16 M1 T2 | |
| 2015-09-23 02:32:55.55 UTC - 62.109.5.133:80 -> 192.168.26.10:1327 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (23) | |
| 2015-09-23 02:32:55.55 UTC - 62.109.5.133:80 -> 192.168.26.10:1327 - ET CURRENT_EVENTS Angler EK XTEA encrypted binary (11) M2 | |
| 2015-09-23 02:33:02.55 UTC - 192.168.26.10:1350 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:03.78 UTC - 192.168.26.10:1352 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:04.96 UTC - 192.168.26.10:1354 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:06.08 UTC - 192.168.26.10:1356 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:07.38 UTC - 192.168.26.10:1358 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:08.49 UTC - 192.168.26.10:1360 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:09.56 UTC - 192.168.26.10:1362 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:10.78 UTC - 192.168.26.10:1364 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:11.96 UTC - 192.168.26.10:1366 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:13.18 UTC - 192.168.26.10:1368 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:13.38 UTC - 192.168.26.10:1369 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:14.52 UTC - 192.168.26.10:1371 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:15.57 UTC - 192.168.26.10:1373 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:16.71 UTC - 192.168.26.10:1375 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:17.77 UTC - 192.168.26.10:1377 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:18.97 UTC - 192.168.26.10:1379 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:20.07 UTC - 192.168.26.10:1381 -> 198.105.244.11:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:21.87 UTC - 192.168.26.10:1383 -> 206.222.26.27:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:49.47 UTC - 192.168.26.10:1383 -> 206.222.26.27:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:33:59.23 UTC - 192.168.26.10:1394 -> 144.76.132.228:80 - ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) | |
| 2015-09-23 02:33:59.23 UTC - 192.168.26.10:1394 -> 144.76.132.228:80 - ETPRO TROJAN Andromeda/Gamarue Checkin | |
| 2015-09-23 02:33:59.58 UTC - 192.168.26.10:1398 -> 144.76.132.228:80 - ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) | |
| 2015-09-23 02:33:59.58 UTC - 192.168.26.10:1398 -> 144.76.132.228:80 - ET TROJAN Andromeda Downloading Module | |
| 2015-09-23 02:33:59.90 UTC - 192.168.26.10:1395 -> 82.146.55.175:80 - ET TROJAN Fareit/Pony Downloader Checkin 2 | |
| 2015-09-23 02:34:00.40 UTC - 178.162.192.215:443 -> 192.168.26.10:1401 - ETPRO TROJAN Win32.Otlard.A C&C checkin response | |
| 2015-09-23 02:34:00.49 UTC - 192.168.26.10:1402 -> 144.76.132.228:80 - ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) | |
| 2015-09-23 02:34:00.49 UTC - 192.168.26.10:1402 -> 144.76.132.228:80 - ETPRO TROJAN Andromeda/Gamarue Checkin | |
| 2015-09-23 02:34:00.94 UTC - 178.162.192.215:443 -> 192.168.26.10:1401 - ETPRO TROJAN Win32.Otlard.A C&C checkin response | |
| 2015-09-23 02:34:01.10 UTC - 178.162.192.215:443 -> 192.168.26.10:1403 - ETPRO TROJAN Win32.Otlard.A C&C checkin response | |
| 2015-09-23 02:34:01.46 UTC - 178.162.192.215:443 -> 192.168.26.10:1403 - ETPRO TROJAN Win32.Otlard.A C&C checkin response | |
| 2015-09-23 02:34:02.29 UTC - 178.162.192.215:443 -> 192.168.26.10:1404 - ETPRO TROJAN Win32.Otlard.A C&C checkin response | |
| 2015-09-23 02:34:02.29 UTC - 192.168.26.10:1404 -> 178.162.192.215:443 - ETPRO TROJAN Win32.Otlard.A C&C communications end 1 | |
| 2015-09-23 02:34:02.46 UTC - 178.162.192.215:443 -> 192.168.26.10:1404 - ETPRO TROJAN Win32.Otlard.A C&C checkin response | |
| 2015-09-23 02:34:05.48 UTC - 192.168.26.10:1383 -> 206.222.26.27:80 - ET TROJAN Bedep HTTP POST CnC Beacon | |
| 2015-09-23 02:34:00.11 UTC - 82.146.55.175:80 -> 192.168.26.10:1395 - ETPRO TROJAN Fareit/Pony Downloader CnC response |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment