Visualizing Nepenthes' log_downloads

I use Afterglow to process Nepenthes' logged_submission[1] logs. I needed to see how many hosts are associated with the same malicious binary. In the graph above one can see the attacking hosts (green), the host that is serving the malware (grey) and the binary that gets pulled from it (blue).

While I'm at this I might as well mention that I made the graph above a couple of days before meeting Mr. Marty at a conf in Indonesia :-)

[1] A typical logged_submission log line looks like this:
[2007-03-29T17:22:47] 172.16.0.100 -> 172.16.0.10 tftp://172.16.0.100:69/teekids.exe 7097c55ee0535457025dd158bb1988bb
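As an added example (not the author's script and not part of Nepenthes or Afterglow), here is a small parser for the logged_submission line format shown above. It groups attacking hosts by the MD5 of the binary they delivered, which is the "how many hosts per binary" question the graph answers, and emits the three-column source,event,target CSV that Afterglow reads on stdin as attacker -> serving host -> MD5. The log lines embedded in it are constructed for the example; the regular expression and the host/MD5 grouping are my assumptions about what a useful pre-processor looks like, not the author's pipeline.

```python
import re
import sys
from collections import defaultdict

# Constructed sample input in the logged_submission format quoted above.
# Two attackers push the same teekids.exe (same MD5) from the same tftp
# server; a third pushes a different binary; one line is deliberately
# malformed so the parser's skip path is exercised.
SAMPLE_LOG = """\
[2007-03-29T17:22:47] 172.16.0.100 -> 172.16.0.10 tftp://172.16.0.100:69/teekids.exe 7097c55ee0535457025dd158bb1988bb
[2007-03-29T17:23:02] 172.16.0.101 -> 172.16.0.10 tftp://172.16.0.100:69/teekids.exe 7097c55ee0535457025dd158bb1988bb
[2007-03-29T17:25:11] 172.16.0.102 -> 172.16.0.10 http://172.16.0.200:80/x.exe 0123456789abcdef0123456789abcdef
this line is garbage and must be skipped
"""

# [timestamp] attacker -> sensor scheme://host[:port]/path md5
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+"
    r"(?P<attacker>\S+)\s+->\s+(?P<sensor>\S+)\s+"
    r"(?P<url>[a-z]+://(?P<host>[^:/\s]+)(?::(?P<port>\d+))?/\S*)\s+"
    r"(?P<md5>[0-9a-fA-F]{32})\s*$"
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["md5"] = rec["md5"].lower()  # normalise so grouping is case-insensitive
    return rec


def parse_log(text):
    """Parse a whole logged_submission file, silently dropping unparsable lines."""
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def hosts_per_binary(records):
    """Map md5 -> set of attacking hosts that delivered that binary."""
    by_md5 = defaultdict(set)
    for rec in records:
        by_md5[rec["md5"]].add(rec["attacker"])
    return dict(by_md5)


def afterglow_rows(records):
    """Build deduplicated 'source,event,target' rows: attacker -> serving host -> md5."""
    rows, seen = [], set()
    for rec in records:
        row = (rec["attacker"], rec["host"], rec["md5"])
        if row not in seen:
            seen.add(row)
            rows.append(",".join(row))
    return rows


if __name__ == "__main__":
    # Pipe a real logged_submission file in, or run with no stdin for the sample.
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    recs = parse_log(text)
    for md5, hosts in sorted(hosts_per_binary(recs).items()):
        sys.stderr.write(f"{md5}: {len(hosts)} attacking host(s)\n")
    print("\n".join(afterglow_rows(recs)))
```

Note that in the sample (as in the quoted log line) the attacker and the tftp server are the same address, so the green and grey nodes for that host collapse into one in Afterglow; binaries served from a third-party host, like the http:// line, show up as the separate grey node the post describes.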

Mel

Hey There,

How are you doing? Can I please speak to you urgently? I mean I need to ask you something. Do you have MSN or Yahoo? Please help me, it's really really important.

my email is fmelroy@hotmail.com

Bye thanks