OSX/Dockster.A and Win32/Trojan.Agent.AXMO Samples, pcaps, OSX
malware analysis tools
Archived: 2026-04-05 13:01:18 UTC
Memoryze Walk process list. 
-h  help screen
-f filename  previously dumpped memory (otherwise uses physical memory and driver)
-x xml output
dump
-q quiet (dont display % complete)
-f name of file to dump to
-w parse process file handles with process
-s parse process section info with process
-t dump process sections [requires -s option]
-c carve processes (dont walk list)
-r walk mach task list
-n name name of process to process
kextlist
-c carve kexts from memory
syscalllist
-s syscall table
-m mach_trap table
1.203.100.232
1.203.102.251
1.203.102.63
1.203.103.227
1.203.104.45
1.203.106.150
1.203.107.125
1.203.107.200
1.203.108.46
1.203.109.193
1.203.112.147
1.203.112.178
1.203.113.2
1.203.114.165
1.203.118.19
1.203.123.29
1.203.123.68
1.203.123.83
1.203.125.201
1.203.125.248
1.203.132.236
1.203.132.54
1.203.135.238
1.203.137.25
1.203.139.148
1.203.139.94
1.203.142.100
1.203.142.111
1.203.98.98
1.203.99.111
1.203.99.36
111.194.101.196
111.194.104.129
111.194.104.220
111.194.105.63
111.194.106.206
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 1 of 71

111.194.106.225
111.194.107.0
111.194.108.247
111.194.109.202
111.194.109.36
111.194.111.0
111.194.111.16
111.194.116.110
111.194.116.160
111.194.119.106
111.194.120.159
111.194.123.34
111.194.92.111
111.194.92.203
111.194.93.187
111.194.93.62
111.194.93.67
111.194.94.141
111.194.94.188
111.194.94.99
111.194.96.100
111.194.96.194
111.194.96.44
111.194.97.128
111.194.97.55
111.194.98.34
111.194.99.29
114.248.100.174
114.248.100.22
114.248.102.191
114.248.103.1
114.248.103.54
114.248.104.3
114.248.105.118
114.248.107.233
114.248.107.97
114.248.108.73
114.248.109.170
114.248.80.175
114.248.80.241
114.248.80.81
114.248.80.84
114.248.81.127
114.248.81.151
114.248.81.155
114.248.81.157
114.248.81.230
114.248.81.247
114.248.81.253
114.248.81.30
114.248.81.42
114.248.82.128
114.248.82.195
114.248.82.66
114.248.83.161
114.248.83.28
114.248.83.98
114.248.84.134
114.248.84.170
114.248.84.171
114.248.84.180
114.248.84.201
114.248.84.64
114.248.84.79
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 2 of 71

114.248.85.150
114.248.85.154
114.248.85.159
114.248.85.188
114.248.85.189
114.248.85.197
114.248.85.204
114.248.85.21
114.248.85.236
114.248.86.108
114.248.86.206
114.248.86.232
114.248.86.240
114.248.86.59
114.248.86.76
114.248.87.142
114.248.87.150
114.248.87.227
114.248.87.28
114.248.88.125
114.248.88.142
114.248.88.144
114.248.88.166
114.248.88.173
114.248.88.225
114.248.88.230
114.248.88.232
114.248.88.241
114.248.88.35
114.248.88.39
114.248.88.44
114.248.88.46
114.248.88.98
114.248.89.12
114.248.89.144
114.248.89.189
114.248.89.221
114.248.89.6
114.248.89.63
114.248.90.143
114.248.90.185
114.248.90.189
114.248.90.216
114.248.90.28
114.248.90.60
114.248.91.103
114.248.91.145
114.248.91.168
114.248.91.180
114.248.91.194
114.248.91.244
114.248.91.27
114.248.91.28
114.248.91.51
114.248.92.10
114.248.92.106
114.248.92.128
114.248.92.188
114.248.92.197
114.248.92.225
114.248.92.51
114.248.93.106
114.248.93.112
114.248.93.138
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 3 of 71

114.248.93.150
114.248.93.169
114.248.93.192
114.248.93.199
114.248.93.223
114.248.93.225
114.248.93.29
114.248.94.157
114.248.94.207
114.248.94.208
114.248.94.220
114.248.95.122
114.248.95.252
114.248.95.49
114.248.95.59
114.248.95.76
114.248.98.177
114.249.17.36
114.249.192.233
114.249.192.240
114.249.193.21
114.249.193.224
114.249.198.34
114.249.200.189
114.249.201.179
114.249.202.183
114.249.202.186
114.249.203.14
114.249.204.158
114.249.204.231
114.249.204.84
114.249.205.239
114.249.207.180
114.249.21.11
114.249.23.24
114.249.26.166
114.249.30.18
114.249.30.231
115.170.0.45
115.170.0.72
115.170.1.206
115.170.10.130
115.170.10.225
115.170.100.226
115.170.102.194
115.170.102.206
115.170.102.87
115.170.103.103
115.170.103.21
115.170.103.64
115.170.104.14
115.170.105.173
115.170.105.238
115.170.105.79
115.170.106.113
115.170.106.227
115.170.107.103
115.170.107.36
115.170.108.94
115.170.109.87
115.170.11.251
115.170.110.15
115.170.110.230
115.170.112.223
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 4 of 71

115.170.113.118
115.170.114.108
115.170.114.17
115.170.114.6
115.170.115.199
115.170.117.59
115.170.118.48
115.170.120.127
115.170.122.87
115.170.124.23
115.170.125.97
115.170.126.173
115.170.128.140
115.170.128.43
115.170.128.72
115.170.129.116
115.170.129.176
115.170.129.181
115.170.129.183
115.170.130.74
115.170.131.191
115.170.131.4
115.170.132.122
115.170.132.123
115.170.133.151
115.170.133.165
115.170.133.245
115.170.134.107
115.170.134.136
115.170.134.225
115.170.135.90
115.170.136.213
115.170.137.130
115.170.138.132
115.170.138.16
115.170.139.90
115.170.14.14
115.170.140.232
115.170.142.183
115.170.146.231
115.170.146.253
115.170.153.134
115.170.153.135
115.170.157.205
115.170.162.122
115.170.163.131
115.170.163.155
115.170.166.132
115.170.166.133
115.170.166.32
115.170.168.33
115.170.170.122
115.170.171.171
115.170.172.161
115.170.173.42
115.170.173.75
115.170.173.8
115.170.174.246
115.170.174.85
115.170.175.206
115.170.176.233
115.170.177.113
115.170.177.198
115.170.183.100
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 5 of 71

115.170.185.163
115.170.187.43
115.170.188.46
115.170.188.77
115.170.189.57
115.170.19.79
115.170.191.71
115.170.191.95
115.170.194.179
115.170.194.66
115.170.195.248
115.170.197.19
115.170.197.38
115.170.197.82
115.170.199.39
115.170.20.200
115.170.200.88
115.170.202.130
115.170.203.242
115.170.204.136
115.170.205.46
115.170.206.142
115.170.209.192
115.170.209.203
115.170.21.112
115.170.210.246
115.170.211.134
115.170.211.51
115.170.212.115
115.170.212.157
115.170.212.68
115.170.212.70
115.170.212.86
115.170.215.138
115.170.217.225
115.170.219.235
115.170.219.89
115.170.221.125
115.170.23.254
115.170.231.191
115.170.236.178
115.170.237.235
115.170.238.56
115.170.24.217
115.170.24.219
115.170.24.220
115.170.3.87
115.170.30.49
115.170.31.215
115.170.32.127
115.170.32.58
115.170.32.65
115.170.33.1
115.170.34.247
115.170.35.169
115.170.35.185
115.170.39.112
115.170.39.228
115.170.4.125
115.170.4.175
115.170.40.230
115.170.41.43
115.170.43.78
115.170.45.173
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 6 of 71

115.170.46.2
115.170.47.39
115.170.48.38
115.170.49.223
115.170.5.17
115.170.52.198
115.170.57.211
115.170.6.11
115.170.6.203
115.170.6.252
115.170.60.1
115.170.61.137
115.170.61.218
115.170.62.54
115.170.63.149
115.170.63.221
115.170.66.117
115.170.67.116
115.170.67.98
115.170.68.177
115.170.69.142
115.170.69.155
115.170.70.102
115.170.96.119
115.170.96.32
115.170.97.137
115.170.97.141
115.170.97.235
115.170.97.50
115.170.99.132
115.170.99.217
115.170.99.40
115.171.10.216
115.171.100.183
115.171.112.80
115.171.114.160
115.171.116.27
115.171.118.227
115.171.119.50
115.171.121.27
115.171.124.245
115.171.127.215
115.171.128.17
115.171.132.26
115.171.132.46
115.171.135.11
115.171.138.110
115.171.139.104
115.171.141.206
115.171.143.109
115.171.15.22
115.171.15.58
115.171.17.183
115.171.18.98
115.171.34.145
115.171.37.160
115.171.37.32
115.171.38.40
115.171.4.134
115.171.4.239
115.171.40.114
115.171.41.235
115.171.45.117
115.171.46.36
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 7 of 71

115.171.47.154
115.171.47.8
115.171.49.46
115.171.5.76
115.171.51.175
115.171.61.159
116.69.194.241
116.69.44.161
120.50.35.60
122.147.136.56
123.117.16.231
123.117.16.92
123.117.19.168
123.117.20.202
123.117.22.18
123.120.100.101
123.120.100.205
123.120.100.41
123.120.100.90
123.120.101.100
123.120.101.162
123.120.101.189
123.120.101.204
123.120.101.23
123.120.101.94
123.120.102.114
123.120.102.160
123.120.102.212
123.120.102.25
123.120.102.252
123.120.103.147
123.120.103.242
123.120.103.50
123.120.103.6
123.120.103.8
123.120.104.16
123.120.104.49
123.120.104.77
123.120.104.93
123.120.105.159
123.120.106.139
123.120.106.234
123.120.106.70
123.120.106.92
123.120.107.130
123.120.107.173
123.120.107.211
123.120.107.6
123.120.107.63
123.120.107.82
123.120.108.147
123.120.108.176
123.120.108.180
123.120.108.2
123.120.108.212
123.120.108.245
123.120.108.46
123.120.108.71
123.120.108.75
123.120.108.98
123.120.109.150
123.120.109.158
123.120.109.88
123.120.110.172
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 8 of 71

123.120.110.212
123.120.110.233
123.120.110.25
123.120.110.4
123.120.110.49
123.120.110.52
123.120.110.78
123.120.111.168
123.120.111.201
123.120.112.147
123.120.112.180
123.120.112.218
123.120.113.120
123.120.113.17
123.120.113.245
123.120.113.251
123.120.113.45
123.120.114.185
123.120.114.207
123.120.114.208
123.120.114.228
123.120.114.242
123.120.114.46
123.120.114.90
123.120.115.194
123.120.115.210
123.120.116.168
123.120.116.181
123.120.116.185
123.120.116.52
123.120.116.95
123.120.117.100
123.120.117.189
123.120.117.214
123.120.117.47
123.120.117.74
123.120.117.83
123.120.118.101
123.120.118.107
123.120.118.127
123.120.118.132
123.120.118.139
123.120.118.155
123.120.118.180
123.120.118.225
123.120.118.98
123.120.119.128
123.120.119.144
123.120.119.41
123.120.119.62
123.120.119.82
123.120.120.154
123.120.120.174
123.120.120.235
123.120.120.252
123.120.120.3
123.120.120.35
123.120.120.79
123.120.120.82
123.120.120.86
123.120.121.149
123.120.121.164
123.120.121.51
123.120.121.53
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 9 of 71

123.120.121.56
123.120.121.6
123.120.121.80
123.120.122.102
123.120.122.118
123.120.122.141
123.120.122.146
123.120.122.158
123.120.122.201
123.120.122.3
123.120.122.46
123.120.122.88
123.120.123.125
123.120.123.184
123.120.123.186
123.120.123.229
123.120.123.46
123.120.123.82
123.120.124.149
123.120.124.16
123.120.124.165
123.120.124.168
123.120.124.197
123.120.124.33
123.120.124.41
123.120.124.43
123.120.124.55
123.120.124.74
123.120.125.156
123.120.125.225
123.120.125.226
123.120.125.245
123.120.125.4
123.120.126.103
123.120.126.116
123.120.126.127
123.120.126.139
123.120.126.140
123.120.126.163
123.120.126.186
123.120.126.225
123.120.126.23
123.120.126.56
123.120.126.60
123.120.126.86
123.120.127.143
123.120.127.160
123.120.127.210
123.120.127.23
123.120.127.59
123.120.127.87
123.120.96.128
123.120.96.150
123.120.96.159
123.120.96.235
123.120.97.101
123.120.97.156
123.120.97.193
123.120.97.27
123.120.98.116
123.120.98.161
123.120.98.22
123.120.99.110
123.120.99.151
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 10 of 71

123.120.99.159
123.120.99.190
123.120.99.30
123.120.99.39
123.120.99.74
123.120.99.86
204.16.193.12
209.11.241.144
42.90.16.38
42.90.21.154
42.90.213.155
42.90.224.201
60.194.1.105
65.19.157.229
count 35883
first seen 2012-01-01 04:33:53 -0000
last seen 2012-12-03 23:00:20 -0000
itsec.eicp.net. A 0.0.0.0
count 43
first seen 2012-05-27 01:16:35 -0000
last seen 2012-05-27 02:25:19 -0000
itsec.eicp.net. A 1.203.0.145
count 188
first seen 2012-05-13 01:31:07 -0000
last seen 2012-05-13 06:09:04 -0000
itsec.eicp.net. A 1.203.1.2
count 51
first seen 2012-05-16 14:31:01 -0000
last seen 2012-05-16 17:13:18 -0000
itsec.eicp.net. A 1.203.1.31
count 96
first seen 2012-06-12 04:14:16 -0000
last seen 2012-06-12 16:43:38 -0000
itsec.eicp.net. A 1.203.1.74
count 111
first seen 2012-05-26 00:19:17 -0000
last seen 2012-05-26 15:49:18 -0000
itsec.eicp.net. A 1.203.2.67
count 4
first seen 2012-05-24 04:21:46 -0000
last seen 2012-05-24 06:19:19 -0000
itsec.eicp.net. A 1.203.2.104
count 2
first seen 2012-06-13 04:20:05 -0000
last seen 2012-06-13 05:20:05 -0000
itsec.eicp.net. A 1.203.2.146
count 276
first seen 2012-06-08 17:19:11 -0000
last seen 2012-06-09 00:19:10 -0000
itsec.eicp.net. A 1.203.2.180
count 1
first seen 2012-06-13 11:50:04 -0000
last seen 2012-06-13 11:50:04 -0000
itsec.eicp.net. A 1.203.3.50
count 38
first seen 2012-03-21 15:48:49 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 11 of 71

last seen 2012-03-21 19:16:29 -0000
itsec.eicp.net. A 1.203.3.53
count 23
first seen 2012-03-30 04:30:09 -0000
last seen 2012-03-30 05:42:41 -0000
itsec.eicp.net. A 1.203.7.121
count 15
first seen 2012-10-21 07:24:44 -0000
last seen 2012-10-21 15:00:55 -0000
itsec.eicp.net. A 1.203.7.234
count 33
first seen 2012-04-10 04:32:49 -0000
last seen 2012-04-10 06:05:03 -0000
itsec.eicp.net. A 1.203.9.204
count 33
first seen 2012-05-25 04:19:20 -0000
last seen 2012-05-25 06:19:17 -0000
itsec.eicp.net. A 1.203.10.5
count 10
first seen 2012-09-25 03:03:33 -0000
last seen 2012-09-25 08:40:07 -0000
itsec.eicp.net. A 1.203.10.99
count 1141
first seen 2012-09-08 14:15:40 -0000
last seen 2012-09-09 23:35:19 -0000
itsec.eicp.net. A 1.203.10.220
count 14
first seen 2012-07-30 11:00:01 -0000
last seen 2012-07-30 23:40:01 -0000
itsec.eicp.net. A 1.203.11.44
count 13
first seen 2012-04-26 14:33:48 -0000
last seen 2012-04-26 15:15:38 -0000
itsec.eicp.net. A 1.203.12.38
count 4
first seen 2012-05-21 13:19:20 -0000
last seen 2012-05-21 15:49:20 -0000
itsec.eicp.net. A 1.203.13.190
count 5
first seen 2012-10-01 13:16:07 -0000
last seen 2012-10-01 13:47:24 -0000
itsec.eicp.net. A 1.203.14.147
count 6
first seen 2012-05-13 01:25:21 -0000
last seen 2012-05-13 01:30:06 -0000
itsec.eicp.net. A 1.203.15.95
count 20
first seen 2012-07-16 13:44:57 -0000
last seen 2012-07-16 23:14:57 -0000
itsec.eicp.net. A 1.203.15.234
count 231
first seen 2012-05-15 13:46:15 -0000
last seen 2012-05-15 23:56:53 -0000
itsec.eicp.net. A 1.203.17.16
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 12 of 71

count 7
first seen 2012-11-21 11:59:57 -0000
last seen 2012-11-21 17:39:55 -0000
itsec.eicp.net. A 1.203.17.192
count 6
first seen 2012-06-03 07:19:14 -0000
last seen 2012-06-03 12:19:13 -0000
itsec.eicp.net. A 1.203.18.5
count 18
first seen 2012-05-17 14:17:24 -0000
last seen 2012-05-17 15:37:32 -0000
itsec.eicp.net. A 1.203.18.11
count 251
first seen 2012-09-10 11:40:08 -0000
last seen 2012-09-10 23:40:58 -0000
itsec.eicp.net. A 1.203.18.65
count 1
first seen 2012-09-24 04:20:07 -0000
last seen 2012-09-24 04:20:07 -0000
itsec.eicp.net. A 1.203.19.156
count 2
first seen 2012-08-04 14:59:59 -0000
last seen 2012-08-04 15:19:59 -0000
itsec.eicp.net. A 1.203.19.210
count 5
first seen 2012-03-13 16:36:58 -0000
last seen 2012-03-13 17:31:37 -0000
itsec.eicp.net. A 1.203.20.121
count 11
first seen 2012-09-13 04:13:25 -0000
last seen 2012-09-13 05:00:10 -0000
itsec.eicp.net. A 1.203.21.177
count 2
first seen 2012-06-05 04:49:13 -0000
last seen 2012-06-05 05:49:13 -0000
itsec.eicp.net. A 1.203.24.239
count 2
first seen 2012-07-24 06:20:04 -0000
last seen 2012-07-24 06:40:03 -0000
itsec.eicp.net. A 1.203.25.244
count 10
first seen 2012-10-20 03:45:20 -0000
last seen 2012-10-20 07:40:10 -0000
itsec.eicp.net. A 1.203.26.24
count 441
first seen 2012-06-18 13:29:03 -0000
last seen 2012-06-19 04:22:45 -0000
itsec.eicp.net. A 1.203.29.42
count 2
first seen 2012-09-03 13:58:24 -0000
last seen 2012-09-03 15:31:36 -0000
itsec.eicp.net. A 1.203.30.194
count 5
first seen 2012-07-17 04:44:57 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 13 of 71

last seen 2012-07-17 06:29:57 -0000
itsec.eicp.net. A 1.203.30.207
count 302
first seen 2012-08-30 16:29:53 -0000
last seen 2012-08-30 23:00:03 -0000
itsec.eicp.net. A 1.203.30.209
count 16
first seen 2012-07-22 04:00:05 -0000
last seen 2012-07-22 23:30:06 -0000
itsec.eicp.net. A 1.203.30.222
count 374
first seen 2012-04-14 13:53:35 -0000
last seen 2012-04-15 12:34:27 -0000
itsec.eicp.net. A 1.203.31.150
count 13
first seen 2012-11-05 12:40:04 -0000
last seen 2012-11-05 23:20:03 -0000
itsec.eicp.net. A 1.203.31.195
count 121
first seen 2012-06-15 04:50:03 -0000
last seen 2012-06-16 00:20:03 -0000
itsec.eicp.net. A 1.203.32.224
count 18
first seen 2012-11-23 12:59:55 -0000
last seen 2012-11-24 01:59:55 -0000
itsec.eicp.net. A 1.203.34.234
count 8
first seen 2012-05-13 06:19:30 -0000
last seen 2012-05-13 07:42:35 -0000
itsec.eicp.net. A 1.203.35.154
count 62
first seen 2012-06-23 00:33:11 -0000
last seen 2012-06-23 13:20:03 -0000
itsec.eicp.net. A 1.203.39.175
count 9
first seen 2012-10-31 13:40:07 -0000
last seen 2012-10-31 23:00:09 -0000
itsec.eicp.net. A 1.203.39.230
count 23
first seen 2012-11-02 22:40:06 -0000
last seen 2012-11-03 07:00:11 -0000
itsec.eicp.net. A 1.203.40.174
count 115
first seen 2012-05-27 02:26:19 -0000
last seen 2012-05-27 11:19:17 -0000
itsec.eicp.net. A 1.203.40.184
count 277
first seen 2012-10-06 09:20:03 -0000
last seen 2012-10-07 00:03:51 -0000
itsec.eicp.net. A 1.203.42.67
count 3
first seen 2012-05-07 04:19:35 -0000
last seen 2012-05-07 05:49:34 -0000
itsec.eicp.net. A 1.203.43.157
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 14 of 71

count 15
first seen 2012-06-23 13:50:03 -0000
last seen 2012-06-23 23:50:03 -0000
itsec.eicp.net. A 1.203.43.198
count 28
first seen 2012-07-07 21:59:59 -0000
last seen 2012-07-08 11:59:59 -0000
itsec.eicp.net. A 1.203.44.197
count 4
first seen 2012-05-25 10:19:18 -0000
last seen 2012-05-25 14:49:18 -0000
itsec.eicp.net. A 1.203.45.36
count 1
first seen 2012-09-11 15:00:11 -0000
last seen 2012-09-11 15:00:11 -0000
itsec.eicp.net. A 1.203.47.53
count 37
first seen 2012-07-10 08:29:58 -0000
last seen 2012-07-10 22:44:59 -0000
itsec.eicp.net. A 1.203.48.243
count 23
first seen 2012-10-14 11:44:13 -0000
last seen 2012-10-14 13:41:36 -0000
itsec.eicp.net. A 1.203.50.146
count 2
first seen 2012-01-23 18:33:43 -0000
last seen 2012-01-24 00:33:07 -0000
itsec.eicp.net. A 1.203.51.149
count 368
first seen 2012-04-02 13:57:02 -0000
last seen 2012-04-03 13:58:25 -0000
itsec.eicp.net. A 1.203.53.41
count 116
first seen 2012-10-23 13:47:03 -0000
last seen 2012-10-23 23:58:05 -0000
itsec.eicp.net. A 1.203.54.227
count 5
first seen 2012-09-03 04:18:31 -0000
last seen 2012-09-03 04:22:18 -0000
itsec.eicp.net. A 1.203.56.206
count 13
first seen 2012-11-23 04:39:55 -0000
last seen 2012-11-23 11:59:55 -0000
itsec.eicp.net. A 1.203.56.239
count 239
first seen 2012-09-18 10:40:08 -0000
last seen 2012-09-18 23:51:31 -0000
itsec.eicp.net. A 1.203.59.47
count 1
first seen 2012-07-14 11:29:58 -0000
last seen 2012-07-14 11:29:58 -0000
itsec.eicp.net. A 1.203.60.36
count 4
first seen 2012-07-06 14:45:00 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 15 of 71

last seen 2012-07-06 15:45:00 -0000
itsec.eicp.net. A 1.203.60.113
count 7
first seen 2012-02-24 13:49:53 -0000
last seen 2012-02-25 00:49:52 -0000
itsec.eicp.net. A 1.203.65.120
count 212
first seen 2012-04-15 12:51:55 -0000
last seen 2012-04-15 23:51:42 -0000
itsec.eicp.net. A 1.203.68.172
count 3
first seen 2012-11-07 14:20:03 -0000
last seen 2012-11-07 16:00:11 -0000
itsec.eicp.net. A 1.203.69.112
count 1
first seen 2012-02-16 04:42:42 -0000
last seen 2012-02-16 04:42:42 -0000
itsec.eicp.net. A 1.203.69.142
count 45
first seen 2012-09-17 04:18:23 -0000
last seen 2012-09-17 06:13:55 -0000
itsec.eicp.net. A 1.203.72.159
count 31
first seen 2012-05-07 12:52:52 -0000
last seen 2012-05-07 15:02:11 -0000
itsec.eicp.net. A 1.203.74.176
count 7
first seen 2012-02-28 17:19:48 -0000
last seen 2012-02-29 00:49:48 -0000
itsec.eicp.net. A 1.203.74.187
count 213
first seen 2012-09-30 00:40:05 -0000
last seen 2012-09-30 07:40:05 -0000
itsec.eicp.net. A 1.203.80.110
count 2
first seen 2012-10-28 10:20:08 -0000
last seen 2012-10-28 11:20:07 -0000
itsec.eicp.net. A 1.203.84.191
count 194
first seen 2012-04-05 04:52:30 -0000
last seen 2012-04-05 13:53:34 -0000
itsec.eicp.net. A 1.203.86.130
count 13
first seen 2012-10-30 14:00:08 -0000
last seen 2012-10-30 19:20:07 -0000
itsec.eicp.net. A 1.203.89.139
count 42
first seen 2012-03-21 03:01:47 -0000
last seen 2012-03-21 07:05:04 -0000
itsec.eicp.net. A 1.203.91.18
count 59
first seen 2012-03-09 15:42:46 -0000
last seen 2012-03-10 00:03:05 -0000
itsec.eicp.net. A 1.203.95.163
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 16 of 71

count 110
first seen 2012-03-30 14:54:39 -0000
last seen 2012-03-30 21:14:00 -0000
itsec.eicp.net. A 1.203.97.206
count 8
first seen 2012-11-06 04:20:04 -0000
last seen 2012-11-06 08:40:03 -0000
itsec.eicp.net. A 1.203.98.98
count 22
first seen 2012-03-29 04:49:54 -0000
last seen 2012-03-29 05:56:09 -0000
itsec.eicp.net. A 1.203.99.36
count 1
first seen 2011-10-13 15:49:33 -0000
last seen 2011-10-13 15:49:33 -0000
itsec.eicp.net. A 1.203.99.111
count 59
first seen 2012-03-19 15:49:59 -0000
last seen 2012-03-20 01:18:52 -0000
itsec.eicp.net. A 1.203.100.232
count 21
first seen 2012-04-08 14:24:11 -0000
last seen 2012-04-08 15:24:43 -0000
itsec.eicp.net. A 1.203.102.63
count 1
first seen 2011-12-04 14:33:49 -0000
last seen 2011-12-04 14:33:49 -0000
itsec.eicp.net. A 1.203.102.251
count 359
first seen 2012-09-24 13:40:06 -0000
last seen 2012-09-25 03:02:32 -0000
itsec.eicp.net. A 1.203.103.227
count 21
first seen 2012-04-30 09:49:41 -0000
last seen 2012-04-30 14:20:13 -0000
itsec.eicp.net. A 1.203.104.45
count 61
first seen 2012-05-09 04:12:56 -0000
last seen 2012-05-09 06:36:53 -0000
itsec.eicp.net. A 1.203.106.150
count 355
first seen 2012-10-12 09:29:20 -0000
last seen 2012-10-12 23:38:36 -0000
itsec.eicp.net. A 1.203.107.125
count 1
first seen 2011-12-27 20:34:41 -0000
last seen 2011-12-27 20:34:41 -0000
itsec.eicp.net. A 1.203.107.200
count 1
first seen 2012-05-08 04:19:34 -0000
last seen 2012-05-08 04:19:34 -0000
itsec.eicp.net. A 1.203.108.46
count 108
first seen 2012-09-21 08:00:09 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 17 of 71

last seen 2012-09-21 22:40:06 -0000
itsec.eicp.net. A 1.203.109.193
count 10
first seen 2012-11-20 10:39:56 -0000
last seen 2012-11-20 22:59:56 -0000
itsec.eicp.net. A 1.203.112.147
count 2
first seen 2012-01-26 04:33:23 -0000
last seen 2012-01-26 06:34:49 -0000
itsec.eicp.net. A 1.203.112.178
count 7
first seen 2012-10-25 02:42:39 -0000
last seen 2012-10-25 06:00:10 -0000
itsec.eicp.net. A 1.203.113.2
count 11
first seen 2012-11-16 08:19:59 -0000
last seen 2012-11-16 17:19:58 -0000
itsec.eicp.net. A 1.203.114.165
count 13
first seen 2012-12-01 04:40:20 -0000
last seen 2012-12-01 13:40:21 -0000
itsec.eicp.net. A 1.203.118.19
count 1
first seen 2012-01-04 14:35:20 -0000
last seen 2012-01-04 14:35:20 -0000
itsec.eicp.net. A 1.203.123.29
count 1
first seen 2012-10-19 14:40:12 -0000
last seen 2012-10-19 14:40:12 -0000
itsec.eicp.net. A 1.203.123.68
count 213
first seen 2012-10-22 12:20:09 -0000
last seen 2012-10-22 23:20:09 -0000
itsec.eicp.net. A 1.203.123.83
count 38
first seen 2012-04-13 04:19:45 -0000
last seen 2012-04-13 05:57:52 -0000
itsec.eicp.net. A 1.203.125.201
count 62
first seen 2012-03-07 16:43:44 -0000
last seen 2012-03-08 00:10:18 -0000
itsec.eicp.net. A 1.203.125.248
count 11
first seen 2012-03-08 06:09:11 -0000
last seen 2012-03-08 07:26:47 -0000
itsec.eicp.net. A 1.203.132.54
count 1
first seen 2012-03-15 17:50:03 -0000
last seen 2012-03-15 17:50:03 -0000
itsec.eicp.net. A 1.203.132.236
count 3
first seen 2012-03-22 09:49:57 -0000
last seen 2012-03-22 10:49:58 -0000
itsec.eicp.net. A 1.203.135.238
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 18 of 71

count 1
first seen 2011-12-29 10:31:41 -0000
last seen 2011-12-29 10:31:41 -0000
itsec.eicp.net. A 1.203.137.25
count 448
first seen 2012-04-19 04:37:55 -0000
last seen 2012-04-19 23:41:20 -0000
itsec.eicp.net. A 1.203.139.94
count 110
first seen 2012-03-25 14:41:20 -0000
last seen 2012-03-26 03:58:37 -0000
itsec.eicp.net. A 1.203.139.148
count 179
first seen 2012-03-29 14:25:09 -0000
last seen 2012-03-29 23:32:29 -0000
itsec.eicp.net. A 1.203.142.100
count 604
first seen 2012-03-31 04:49:14 -0000
last seen 2012-04-01 13:25:24 -0000
itsec.eicp.net. A 1.203.142.111
count 759
first seen 2012-08-11 02:45:34 -0000
last seen 2012-08-14 02:39:56 -0000
itsec.eicp.net. A 42.90.16.38
count 2
first seen 2012-08-07 09:59:58 -0000
last seen 2012-08-07 12:39:58 -0000
itsec.eicp.net. A 42.90.21.154
count 1
first seen 2012-08-14 02:59:56 -0000
last seen 2012-08-14 02:59:56 -0000
itsec.eicp.net. A 42.90.213.155
count 892
first seen 2012-08-14 04:59:56 -0000
last seen 2012-08-21 12:00:07 -0000
itsec.eicp.net. A 42.90.224.201
count 914
first seen 2012-08-27 03:45:50 -0000
last seen 2012-09-05 02:46:27 -0000
itsec.eicp.net. A 60.194.1.105
count 12
first seen 2011-09-22 21:54:21 -0000
last seen 2011-10-09 01:59:50 -0000
itsec.eicp.net. A 65.19.157.229
count 6
first seen 2012-02-25 07:19:52 -0000
last seen 2012-02-25 11:49:52 -0000
itsec.eicp.net. A 111.194.92.111
count 81
first seen 2012-03-06 01:40:11 -0000
last seen 2012-03-06 16:05:07 -0000
itsec.eicp.net. A 111.194.92.203
count 8
first seen 2012-03-13 01:50:05 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 19 of 71

last seen 2012-03-13 04:11:27 -0000
itsec.eicp.net. A 111.194.93.62
count 5
first seen 2012-03-31 01:23:41 -0000
last seen 2012-03-31 01:38:31 -0000
itsec.eicp.net. A 111.194.93.67
count 103
first seen 2012-03-19 02:03:14 -0000
last seen 2012-03-19 15:39:57 -0000
itsec.eicp.net. A 111.194.93.187
count 18
first seen 2012-03-27 02:40:30 -0000
last seen 2012-03-27 03:31:49 -0000
itsec.eicp.net. A 111.194.94.99
count 4
first seen 2012-03-01 12:49:48 -0000
last seen 2012-03-01 15:49:47 -0000
itsec.eicp.net. A 111.194.94.141
count 20
first seen 2012-03-13 05:50:05 -0000
last seen 2012-03-13 15:46:49 -0000
itsec.eicp.net. A 111.194.94.188
count 50
first seen 2012-03-30 06:42:06 -0000
last seen 2012-03-30 09:16:46 -0000
itsec.eicp.net. A 111.194.96.44
count 10
first seen 2012-03-17 02:15:39 -0000
last seen 2012-03-17 03:12:28 -0000
itsec.eicp.net. A 111.194.96.100
count 2
first seen 2012-02-22 10:36:03 -0000
last seen 2012-02-22 12:34:48 -0000
itsec.eicp.net. A 111.194.96.194
count 2
first seen 2012-02-27 13:49:50 -0000
last seen 2012-02-27 14:49:50 -0000
itsec.eicp.net. A 111.194.97.55
count 48
first seen 2012-03-10 03:00:42 -0000
last seen 2012-03-10 12:51:14 -0000
itsec.eicp.net. A 111.194.97.128
count 71
first seen 2012-03-12 01:52:19 -0000
last seen 2012-03-12 15:46:40 -0000
itsec.eicp.net. A 111.194.98.34
count 59
first seen 2012-03-17 03:32:00 -0000
last seen 2012-03-17 12:59:43 -0000
itsec.eicp.net. A 111.194.99.29
count 22
first seen 2012-03-15 01:29:19 -0000
last seen 2012-03-15 05:08:40 -0000
itsec.eicp.net. A 111.194.101.196
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 20 of 71

count 8
first seen 2012-03-07 04:09:14 -0000
last seen 2012-03-07 05:19:44 -0000
itsec.eicp.net. A 111.194.104.129
count 30
first seen 2012-03-16 07:16:56 -0000
last seen 2012-03-16 12:52:19 -0000
itsec.eicp.net. A 111.194.104.220
count 8
first seen 2012-02-27 02:49:51 -0000
last seen 2012-02-27 10:19:50 -0000
itsec.eicp.net. A 111.194.105.63
count 242
first seen 2012-03-03 01:54:54 -0000
last seen 2012-03-05 00:19:45 -0000
itsec.eicp.net. A 111.194.106.206
count 14
first seen 2012-03-08 01:26:10 -0000
last seen 2012-03-08 05:26:20 -0000
itsec.eicp.net. A 111.194.106.225
count 1
first seen 2012-02-23 08:39:14 -0000
last seen 2012-02-23 08:39:14 -0000
itsec.eicp.net. A 111.194.107.0
count 23
first seen 2012-03-29 06:12:56 -0000
last seen 2012-03-29 07:39:08 -0000
itsec.eicp.net. A 111.194.108.247
count 13
first seen 2012-03-26 04:03:39 -0000
last seen 2012-03-26 05:26:40 -0000
itsec.eicp.net. A 111.194.109.36
count 70
first seen 2012-03-14 01:55:25 -0000
last seen 2012-03-14 16:21:20 -0000
itsec.eicp.net. A 111.194.109.202
count 17
first seen 2012-03-22 01:33:54 -0000
last seen 2012-03-22 04:53:07 -0000
itsec.eicp.net. A 111.194.111.0
count 2
first seen 2012-02-25 02:49:52 -0000
last seen 2012-02-25 03:49:53 -0000
itsec.eicp.net. A 111.194.111.16
count 1
first seen 2012-02-28 16:19:50 -0000
last seen 2012-02-28 16:19:50 -0000
itsec.eicp.net. A 111.194.116.110
count 139
first seen 2012-03-22 13:49:58 -0000
last seen 2012-03-23 14:29:46 -0000
itsec.eicp.net. A 111.194.116.160
count 35
first seen 2012-03-07 12:19:44 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 21 of 71

last seen 2012-03-07 16:28:07 -0000
itsec.eicp.net. A 111.194.119.106
count 90
first seen 2012-03-08 13:07:02 -0000
last seen 2012-03-09 01:14:27 -0000
itsec.eicp.net. A 111.194.120.159
count 3
first seen 2012-03-21 12:50:45 -0000
last seen 2012-03-21 12:52:49 -0000
itsec.eicp.net. A 111.194.123.34
count 26
first seen 2012-09-03 23:51:42 -0000
last seen 2012-09-04 00:17:28 -0000
itsec.eicp.net. A 114.248.80.81
count 141
first seen 2012-08-27 23:57:15 -0000
last seen 2012-08-28 05:39:57 -0000
itsec.eicp.net. A 114.248.80.84
count 133
first seen 2012-04-17 09:23:55 -0000
last seen 2012-04-17 15:07:00 -0000
itsec.eicp.net. A 114.248.80.175
count 2
first seen 2012-06-24 07:50:03 -0000
last seen 2012-06-24 09:20:03 -0000
itsec.eicp.net. A 114.248.80.241
count 76
first seen 2012-09-14 01:09:22 -0000
last seen 2012-09-14 02:13:45 -0000
itsec.eicp.net. A 114.248.81.30
count 1
first seen 2012-06-19 07:50:02 -0000
last seen 2012-06-19 07:50:02 -0000
itsec.eicp.net. A 114.248.81.42
count 3
first seen 2012-09-11 08:00:10 -0000
last seen 2012-09-11 09:40:10 -0000
itsec.eicp.net. A 114.248.81.127
count 8
first seen 2012-10-19 00:18:36 -0000
last seen 2012-10-19 01:55:44 -0000
itsec.eicp.net. A 114.248.81.151
count 14
first seen 2012-05-04 01:22:31 -0000
last seen 2012-05-04 08:19:36 -0000
itsec.eicp.net. A 114.248.81.155
count 2
first seen 2012-12-04 00:00:19 -0000
last seen 2012-12-04 00:40:20 -0000
itsec.eicp.net. A 114.248.81.157
count 1
first seen 2011-09-28 10:01:39 -0000
last seen 2011-09-28 10:01:39 -0000
itsec.eicp.net. A 114.248.81.230
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 22 of 71

count 72
first seen 2012-05-16 23:37:36 -0000
last seen 2012-05-17 03:41:39 -0000
itsec.eicp.net. A 114.248.81.247
count 22
first seen 2012-04-12 02:16:28 -0000
last seen 2012-04-12 03:41:24 -0000
itsec.eicp.net. A 114.248.81.253
count 4
first seen 2012-09-29 00:20:06 -0000
last seen 2012-09-29 02:20:06 -0000
itsec.eicp.net. A 114.248.82.66
count 61
first seen 2012-09-02 14:14:46 -0000
last seen 2012-09-02 15:28:25 -0000
itsec.eicp.net. A 114.248.82.128
count 48
first seen 2012-05-16 06:10:05 -0000
last seen 2012-07-17 09:44:57 -0000
itsec.eicp.net. A 114.248.82.195
count 17
first seen 2012-04-24 02:49:37 -0000
last seen 2012-04-24 13:49:36 -0000
itsec.eicp.net. A 114.248.83.28
count 2
first seen 2012-08-31 03:00:07 -0000
last seen 2012-08-31 03:00:10 -0000
itsec.eicp.net. A 114.248.83.98
count 6
first seen 2012-08-27 07:43:44 -0000
last seen 2012-08-27 09:40:04 -0000
itsec.eicp.net. A 114.248.83.161
count 9
first seen 2012-09-04 02:36:12 -0000
last seen 2012-09-04 02:43:46 -0000
itsec.eicp.net. A 114.248.84.64
count 5
first seen 2012-07-23 01:00:05 -0000
last seen 2012-07-23 04:20:04 -0000
itsec.eicp.net. A 114.248.84.79
count 7
first seen 2012-11-09 01:00:02 -0000
last seen 2012-11-09 07:00:03 -0000
itsec.eicp.net. A 114.248.84.134
count 7
first seen 2012-06-21 06:20:03 -0000
last seen 2012-06-21 13:25:21 -0000
itsec.eicp.net. A 114.248.84.170
count 80
first seen 2012-05-09 06:41:46 -0000
last seen 2012-05-09 09:52:58 -0000
itsec.eicp.net. A 114.248.84.171
count 1
first seen 2012-11-30 09:59:54 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 23 of 71

last seen 2012-11-30 09:59:54 -0000
itsec.eicp.net. A 114.248.84.180
count 48
first seen 2012-05-14 23:45:21 -0000
last seen 2012-05-15 03:43:13 -0000
itsec.eicp.net. A 114.248.84.201
count 1
first seen 2012-02-08 07:03:41 -0000
last seen 2012-02-08 07:03:41 -0000
itsec.eicp.net. A 114.248.85.21
count 2
first seen 2012-06-26 08:50:01 -0000
last seen 2012-06-26 09:20:02 -0000
itsec.eicp.net. A 114.248.85.150
count 1
first seen 2011-12-07 04:38:28 -0000
last seen 2011-12-07 04:38:28 -0000
itsec.eicp.net. A 114.248.85.154
count 3
first seen 2012-06-26 00:50:03 -0000
last seen 2012-06-26 03:20:02 -0000
itsec.eicp.net. A 114.248.85.159
count 1
first seen 2011-12-29 06:32:16 -0000
last seen 2011-12-29 06:32:16 -0000
itsec.eicp.net. A 114.248.85.188
count 3
first seen 2012-05-24 09:49:20 -0000
last seen 2012-05-24 13:49:18 -0000
itsec.eicp.net. A 114.248.85.189
count 4
first seen 2012-09-18 06:20:08 -0000
last seen 2012-09-18 09:00:10 -0000
itsec.eicp.net. A 114.248.85.197
count 5
first seen 2012-09-04 08:00:10 -0000
last seen 2012-09-04 09:45:27 -0000
itsec.eicp.net. A 114.248.85.204
count 2
first seen 2012-07-18 07:30:09 -0000
last seen 2012-07-18 09:00:06 -0000
itsec.eicp.net. A 114.248.85.236
count 7
first seen 2012-08-29 06:34:10 -0000
last seen 2012-08-29 11:40:04 -0000
itsec.eicp.net. A 114.248.86.59
count 3
first seen 2012-07-11 04:00:00 -0000
last seen 2012-07-11 04:29:59 -0000
itsec.eicp.net. A 114.248.86.76
count 3
first seen 2012-09-26 07:40:05 -0000
last seen 2012-09-26 09:40:07 -0000
itsec.eicp.net. A 114.248.86.108
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 24 of 71

count 50
first seen 2010-12-02 06:10:06 -0000
last seen 2010-12-02 09:31:29 -0000
itsec.eicp.net. A 114.248.86.206
count 6
first seen 2012-09-10 01:43:08 -0000
last seen 2012-09-10 02:40:08 -0000
itsec.eicp.net. A 114.248.86.232
count 21
first seen 2012-09-18 23:52:16 -0000
last seen 2012-09-19 06:20:09 -0000
itsec.eicp.net. A 114.248.86.240
count 662
first seen 2012-10-27 00:55:01 -0000
last seen 2012-10-28 05:40:07 -0000
itsec.eicp.net. A 114.248.87.28
count 2
first seen 2012-05-07 02:49:35 -0000
last seen 2012-05-07 03:49:35 -0000
itsec.eicp.net. A 114.248.87.142
count 23
first seen 2012-12-03 00:20:21 -0000
last seen 2012-12-03 19:00:19 -0000
itsec.eicp.net. A 114.248.87.150
count 3
first seen 2012-05-23 01:24:41 -0000
last seen 2012-05-23 03:44:54 -0000
itsec.eicp.net. A 114.248.87.227
count 1
first seen 2012-04-10 03:33:27 -0000
last seen 2012-04-10 03:33:27 -0000
itsec.eicp.net. A 114.248.88.35
count 7
first seen 2012-05-22 08:19:20 -0000
last seen 2012-05-22 13:19:20 -0000
itsec.eicp.net. A 114.248.88.39
count 3
first seen 2012-06-25 01:20:02 -0000
last seen 2012-06-25 03:50:03 -0000
itsec.eicp.net. A 114.248.88.44
count 37
first seen 2012-05-09 01:45:00 -0000
last seen 2012-05-09 04:08:33 -0000
itsec.eicp.net. A 114.248.88.46
count 19
first seen 2012-05-16 00:47:35 -0000
last seen 2012-05-16 04:21:10 -0000
itsec.eicp.net. A 114.248.88.98
count 1
first seen 2012-11-02 00:40:06 -0000
last seen 2012-11-02 00:40:06 -0000
itsec.eicp.net. A 114.248.88.125
count 3
first seen 2012-05-17 06:12:47 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 25 of 71

last seen 2012-05-17 06:30:31 -0000
itsec.eicp.net. A 114.248.88.142
count 34
first seen 2012-11-19 01:19:57 -0000
last seen 2012-11-20 10:19:57 -0000
itsec.eicp.net. A 114.248.88.144
count 3
first seen 2012-08-28 07:40:05 -0000
last seen 2012-08-28 09:20:04 -0000
itsec.eicp.net. A 114.248.88.166
count 170
first seen 2012-04-18 06:36:49 -0000
last seen 2012-04-18 13:50:17 -0000
itsec.eicp.net. A 114.248.88.173
count 133
first seen 2012-09-10 03:21:50 -0000
last seen 2012-09-10 05:20:08 -0000
itsec.eicp.net. A 114.248.88.225
count 294
first seen 2012-06-20 10:11:41 -0000
last seen 2012-06-20 15:04:34 -0000
itsec.eicp.net. A 114.248.88.230
count 5
first seen 2012-11-11 00:40:01 -0000
last seen 2012-11-11 03:00:00 -0000
itsec.eicp.net. A 114.248.88.232
count 2
first seen 2012-07-24 03:20:04 -0000
last seen 2012-07-24 04:00:05 -0000
itsec.eicp.net. A 114.248.88.241
count 2
first seen 2012-08-31 02:20:04 -0000
last seen 2012-08-31 02:40:02 -0000
itsec.eicp.net. A 114.248.89.6
count 25
first seen 2012-11-13 02:20:01 -0000
last seen 2012-11-13 22:39:59 -0000
itsec.eicp.net. A 114.248.89.12
count 282
first seen 2012-06-11 06:50:07 -0000
last seen 2012-06-11 23:35:49 -0000
itsec.eicp.net. A 114.248.89.63
count 5
first seen 2012-06-18 06:11:35 -0000
last seen 2012-06-18 09:20:04 -0000
itsec.eicp.net. A 114.248.89.144
count 2
first seen 2012-07-12 02:29:59 -0000
last seen 2012-07-12 03:14:59 -0000
itsec.eicp.net. A 114.248.89.189
count 3
first seen 2012-11-29 12:00:00 -0000
last seen 2012-11-29 13:40:00 -0000
itsec.eicp.net. A 114.248.89.221
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 26 of 71

count 2
first seen 2012-05-03 07:19:38 -0000
last seen 2012-05-03 08:19:36 -0000
itsec.eicp.net. A 114.248.90.28
count 5
first seen 2012-09-20 00:07:59 -0000
last seen 2012-09-20 03:43:09 -0000
itsec.eicp.net. A 114.248.90.60
count 1
first seen 2011-12-19 02:35:13 -0000
last seen 2011-12-19 02:35:13 -0000
itsec.eicp.net. A 114.248.90.143
count 17
first seen 2012-11-26 23:59:54 -0000
last seen 2012-11-27 13:19:54 -0000
itsec.eicp.net. A 114.248.90.185
count 6
first seen 2012-04-09 01:49:48 -0000
last seen 2012-04-09 02:03:52 -0000
itsec.eicp.net. A 114.248.90.189
count 22
first seen 2012-10-19 01:56:29 -0000
last seen 2012-10-19 09:44:36 -0000
itsec.eicp.net. A 114.248.90.216
count 5
first seen 2012-05-23 06:49:23 -0000
last seen 2012-05-23 10:19:19 -0000
itsec.eicp.net. A 114.248.91.27
count 1
first seen 2012-05-28 06:49:16 -0000
last seen 2012-05-28 06:49:16 -0000
itsec.eicp.net. A 114.248.91.28
count 1
first seen 2012-01-11 06:35:15 -0000
last seen 2012-01-11 06:35:15 -0000
itsec.eicp.net. A 114.248.91.51
count 4
first seen 2012-06-08 06:19:10 -0000
last seen 2012-06-08 09:19:10 -0000
itsec.eicp.net. A 114.248.91.103
count 1
first seen 2012-05-02 08:49:37 -0000
last seen 2012-05-02 08:49:37 -0000
itsec.eicp.net. A 114.248.91.145
count 8
first seen 2012-09-27 23:51:38 -0000
last seen 2012-09-28 03:44:56 -0000
itsec.eicp.net. A 114.248.91.168
count 1
first seen 2012-07-05 03:15:01 -0000
last seen 2012-07-05 03:15:01 -0000
itsec.eicp.net. A 114.248.91.180
count 19
first seen 2012-06-11 23:36:50 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 27 of 71

last seen 2012-06-12 03:42:27 -0000
itsec.eicp.net. A 114.248.91.194
count 1
first seen 2012-09-24 08:00:07 -0000
last seen 2012-09-24 08:00:07 -0000
itsec.eicp.net. A 114.248.91.244
count 114
first seen 2012-04-09 02:18:41 -0000
last seen 2012-04-09 08:49:46 -0000
itsec.eicp.net. A 114.248.92.10
count 1
first seen 2012-06-13 01:52:50 -0000
last seen 2012-06-13 01:52:50 -0000
itsec.eicp.net. A 114.248.92.51
count 9
first seen 2012-07-16 07:44:57 -0000
last seen 2012-07-16 12:59:57 -0000
itsec.eicp.net. A 114.248.92.106
count 14
first seen 2012-09-05 06:16:41 -0000
last seen 2012-09-05 09:57:21 -0000
itsec.eicp.net. A 114.248.92.128
count 26
first seen 2012-10-11 00:46:03 -0000
last seen 2012-10-11 03:51:46 -0000
itsec.eicp.net. A 114.248.92.188
count 3
first seen 2012-10-31 09:20:06 -0000
last seen 2012-10-31 10:40:07 -0000
itsec.eicp.net. A 114.248.92.197
count 6
first seen 2012-07-10 01:30:00 -0000
last seen 2012-07-10 03:29:59 -0000
itsec.eicp.net. A 114.248.92.225
count 46
first seen 2012-06-19 09:50:03 -0000
last seen 2012-09-19 11:40:08 -0000
itsec.eicp.net. A 114.248.93.29
count 3
first seen 2012-07-09 07:30:00 -0000
last seen 2012-07-09 08:00:00 -0000
itsec.eicp.net. A 114.248.93.106
count 10
first seen 2012-04-05 03:27:23 -0000
last seen 2012-04-05 03:53:57 -0000
itsec.eicp.net. A 114.248.93.112
count 13
first seen 2012-05-07 06:49:34 -0000
last seen 2012-05-07 12:19:34 -0000
itsec.eicp.net. A 114.248.93.138
count 8
first seen 2012-07-23 07:00:06 -0000
last seen 2012-07-23 13:00:05 -0000
itsec.eicp.net. A 114.248.93.150
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 28 of 71

count 4
first seen 2012-10-15 00:20:18 -0000
last seen 2012-10-15 01:33:34 -0000
itsec.eicp.net. A 114.248.93.169
count 21
first seen 2012-06-24 00:20:03 -0000
last seen 2012-06-24 04:06:32 -0000
itsec.eicp.net. A 114.248.93.192
count 35
first seen 2012-04-11 00:21:05 -0000
last seen 2012-04-11 04:20:54 -0000
itsec.eicp.net. A 114.248.93.199
count 1
first seen 2012-06-20 06:28:31 -0000
last seen 2012-06-20 06:28:31 -0000
itsec.eicp.net. A 114.248.93.223
count 3
first seen 2012-11-15 00:59:59 -0000
last seen 2012-11-15 01:40:00 -0000
itsec.eicp.net. A 114.248.93.225
count 1
first seen 2012-07-19 08:00:06 -0000
last seen 2012-07-19 08:00:06 -0000
itsec.eicp.net. A 114.248.94.157
count 3
first seen 2012-07-20 03:00:06 -0000
last seen 2012-07-20 03:03:12 -0000
itsec.eicp.net. A 114.248.94.207
count 8
first seen 2012-10-02 06:20:04 -0000
last seen 2012-10-02 13:40:04 -0000
itsec.eicp.net. A 114.248.94.208
count 8
first seen 2012-11-15 23:59:59 -0000
last seen 2012-11-16 07:19:58 -0000
itsec.eicp.net. A 114.248.94.220
count 3
first seen 2012-05-28 06:05:51 -0000
last seen 2012-05-28 06:19:16 -0000
itsec.eicp.net. A 114.248.95.49
count 1
first seen 2011-09-07 14:31:57 -0000
last seen 2011-09-07 14:31:57 -0000
itsec.eicp.net. A 114.248.95.59
count 88
first seen 2012-09-04 00:33:12 -0000
last seen 2012-09-04 02:34:42 -0000
itsec.eicp.net. A 114.248.95.76
count 2
first seen 2012-07-19 08:30:06 -0000
last seen 2012-07-19 10:00:06 -0000
itsec.eicp.net. A 114.248.95.122
count 4
first seen 2012-05-17 07:19:20 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 29 of 71

last seen 2012-05-17 07:49:23 -0000
itsec.eicp.net. A 114.248.95.252
count 8
first seen 2012-05-16 12:05:48 -0000
last seen 2012-05-16 12:45:20 -0000
itsec.eicp.net. A 114.248.98.177
count 11
first seen 2012-05-02 13:19:37 -0000
last seen 2012-05-02 13:51:40 -0000
itsec.eicp.net. A 114.248.100.22
count 28
first seen 2012-05-09 12:01:20 -0000
last seen 2012-05-09 13:26:36 -0000
itsec.eicp.net. A 114.248.100.174
count 3
first seen 2012-09-10 06:40:08 -0000
last seen 2012-09-10 09:00:08 -0000
itsec.eicp.net. A 114.248.102.191
count 3
first seen 2012-08-03 07:00:01 -0000
last seen 2012-08-03 08:40:00 -0000
itsec.eicp.net. A 114.248.103.1
count 5
first seen 2012-06-24 13:50:03 -0000
last seen 2012-06-24 17:20:03 -0000
itsec.eicp.net. A 114.248.103.54
count 14
first seen 2012-09-02 02:58:14 -0000
last seen 2012-09-02 03:44:25 -0000
itsec.eicp.net. A 114.248.104.3
count 12
first seen 2012-06-28 13:50:01 -0000
last seen 2012-06-28 21:20:01 -0000
itsec.eicp.net. A 114.248.105.118
count 3
first seen 2012-07-25 08:20:03 -0000
last seen 2012-07-25 09:00:03 -0000
itsec.eicp.net. A 114.248.107.97
count 13
first seen 2012-11-11 03:40:01 -0000
last seen 2012-11-11 15:40:01 -0000
itsec.eicp.net. A 114.248.107.233
count 1
first seen 2012-04-27 09:19:34 -0000
last seen 2012-04-27 09:19:34 -0000
itsec.eicp.net. A 114.248.108.73
count 2
first seen 2012-11-29 09:39:53 -0000
last seen 2012-11-29 10:39:59 -0000
itsec.eicp.net. A 114.248.109.170
count 10
first seen 2012-02-28 03:19:50 -0000
last seen 2012-02-28 13:19:49 -0000
itsec.eicp.net. A 114.249.17.36
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 30 of 71

count 32
first seen 2012-03-28 11:59:24 -0000
last seen 2012-03-28 13:44:38 -0000
itsec.eicp.net. A 114.249.21.11
count 74
first seen 2012-03-05 01:41:15 -0000
last seen 2012-03-05 15:02:57 -0000
itsec.eicp.net. A 114.249.23.24
count 21
first seen 2012-03-21 13:35:45 -0000
last seen 2012-03-21 15:13:14 -0000
itsec.eicp.net. A 114.249.26.166
count 8
first seen 2012-03-10 13:52:18 -0000
last seen 2012-03-10 15:16:01 -0000
itsec.eicp.net. A 114.249.30.18
count 53
first seen 2012-03-20 01:25:21 -0000
last seen 2012-03-20 10:34:03 -0000
itsec.eicp.net. A 114.249.30.231
count 15
first seen 2012-03-15 12:11:48 -0000
last seen 2012-03-15 14:45:57 -0000
itsec.eicp.net. A 114.249.192.233
count 50
first seen 2012-03-09 07:19:43 -0000
last seen 2012-03-09 14:53:10 -0000
itsec.eicp.net. A 114.249.192.240
count 56
first seen 2012-03-30 00:17:00 -0000
last seen 2012-03-30 04:22:44 -0000
itsec.eicp.net. A 114.249.193.21
count 1
first seen 2012-02-28 01:49:50 -0000
last seen 2012-02-28 01:49:50 -0000
itsec.eicp.net. A 114.249.193.224
count 28
first seen 2012-03-09 01:21:32 -0000
last seen 2012-03-09 05:55:27 -0000
itsec.eicp.net. A 114.249.198.34
count 7
first seen 2012-03-27 01:24:16 -0000
last seen 2012-03-27 02:29:48 -0000
itsec.eicp.net. A 114.249.200.189
count 23
first seen 2012-03-16 01:30:34 -0000
last seen 2012-03-16 05:26:15 -0000
itsec.eicp.net. A 114.249.201.179
count 30
first seen 2012-03-24 01:53:23 -0000
last seen 2012-03-24 05:37:36 -0000
itsec.eicp.net. A 114.249.202.183
count 58
first seen 2012-03-28 00:33:12 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 31 of 71

last seen 2012-03-28 03:51:41 -0000
itsec.eicp.net. A 114.249.202.186
count 8
first seen 2012-02-29 08:49:49 -0000
last seen 2012-02-29 16:19:50 -0000
itsec.eicp.net. A 114.249.203.14
count 9
first seen 2012-03-26 08:22:42 -0000
last seen 2012-03-26 08:54:46 -0000
itsec.eicp.net. A 114.249.204.84
count 30
first seen 2012-03-21 07:19:59 -0000
last seen 2012-03-21 09:26:15 -0000
itsec.eicp.net. A 114.249.204.158
count 3
first seen 2012-03-12 01:35:41 -0000
last seen 2012-03-12 01:51:21 -0000
itsec.eicp.net. A 114.249.204.231
count 3
first seen 2012-03-27 08:27:16 -0000
last seen 2012-03-27 14:19:55 -0000
itsec.eicp.net. A 114.249.205.239
count 8
first seen 2012-03-01 04:19:49 -0000
last seen 2012-03-01 10:19:47 -0000
itsec.eicp.net. A 114.249.207.180
count 70
first seen 2012-06-21 13:26:52 -0000
last seen 2012-06-21 14:34:21 -0000
itsec.eicp.net. A 115.170.0.45
count 5
first seen 2012-06-30 00:20:07 -0000
last seen 2012-06-30 04:40:02 -0000
itsec.eicp.net. A 115.170.0.72
count 192
first seen 2012-04-18 14:12:26 -0000
last seen 2012-04-19 00:11:06 -0000
itsec.eicp.net. A 115.170.1.206
count 287
first seen 2012-06-16 11:20:05 -0000
last seen 2012-06-17 11:50:04 -0000
itsec.eicp.net. A 115.170.3.87
count 391
first seen 2012-09-12 15:40:10 -0000
last seen 2012-09-13 00:50:52 -0000
itsec.eicp.net. A 115.170.4.125
count 13
first seen 2012-06-14 04:19:58 -0000
last seen 2012-06-14 14:20:05 -0000
itsec.eicp.net. A 115.170.4.175
count 4
first seen 2012-08-31 04:56:29 -0000
last seen 2012-08-31 06:20:07 -0000
itsec.eicp.net. A 115.170.5.17
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 32 of 71

count 136
first seen 2012-05-28 12:49:16 -0000
last seen 2012-05-29 00:49:16 -0000
itsec.eicp.net. A 115.170.6.11
count 26
first seen 2012-07-01 02:02:20 -0000
last seen 2012-07-01 13:45:02 -0000
itsec.eicp.net. A 115.170.6.203
count 71
first seen 2012-03-05 16:10:54 -0000
last seen 2012-03-06 01:16:27 -0000
itsec.eicp.net. A 115.170.6.252
count 24
first seen 2012-04-27 13:40:04 -0000
last seen 2012-04-27 14:42:03 -0000
itsec.eicp.net. A 115.170.10.130
count 112
first seen 2012-06-09 01:39:17 -0000
last seen 2012-06-09 09:49:09 -0000
itsec.eicp.net. A 115.170.10.225
count 5
first seen 2012-07-26 13:20:02 -0000
last seen 2012-07-26 15:40:02 -0000
itsec.eicp.net. A 115.170.11.251
count 32
first seen 2012-05-15 23:58:08 -0000
last seen 2012-05-16 00:46:49 -0000
itsec.eicp.net. A 115.170.14.14
count 3
first seen 2012-09-11 04:40:10 -0000
last seen 2012-09-11 05:40:11 -0000
itsec.eicp.net. A 115.170.19.79
count 12
first seen 2012-06-27 12:50:01 -0000
last seen 2012-06-28 03:50:00 -0000
itsec.eicp.net. A 115.170.20.200
count 20
first seen 2012-07-07 13:45:00 -0000
last seen 2012-07-07 21:44:59 -0000
itsec.eicp.net. A 115.170.21.112
count 26
first seen 2012-05-08 14:19:33 -0000
last seen 2012-05-08 15:23:49 -0000
itsec.eicp.net. A 115.170.23.254
count 380
first seen 2012-05-27 13:19:17 -0000
last seen 2012-05-27 22:56:10 -0000
itsec.eicp.net. A 115.170.24.217
count 51
first seen 2012-06-20 05:22:38 -0000
last seen 2012-06-20 06:28:00 -0000
itsec.eicp.net. A 115.170.24.219
count 3
first seen 2012-05-16 04:38:28 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 33 of 71

last seen 2012-05-16 05:08:20 -0000
itsec.eicp.net. A 115.170.24.220
count 354
first seen 2012-06-30 05:40:04 -0000
last seen 2012-07-01 02:02:03 -0000
itsec.eicp.net. A 115.170.30.49
count 303
first seen 2012-05-18 05:53:37 -0000
last seen 2012-05-19 11:19:21 -0000
itsec.eicp.net. A 115.170.31.215
count 328
first seen 2012-05-12 02:10:10 -0000
last seen 2012-05-13 01:24:06 -0000
itsec.eicp.net. A 115.170.32.58
count 2
first seen 2012-07-03 10:15:01 -0000
last seen 2012-07-03 10:45:01 -0000
itsec.eicp.net. A 115.170.32.65
count 1
first seen 2011-12-30 04:33:08 -0000
last seen 2011-12-30 04:33:08 -0000
itsec.eicp.net. A 115.170.32.127
count 13
first seen 2012-08-30 11:00:02 -0000
last seen 2012-08-30 16:17:22 -0000
itsec.eicp.net. A 115.170.33.1
count 3
first seen 2012-07-02 04:30:01 -0000
last seen 2012-07-02 05:15:01 -0000
itsec.eicp.net. A 115.170.34.247
count 240
first seen 2012-07-11 13:59:58 -0000
last seen 2012-07-12 00:55:06 -0000
itsec.eicp.net. A 115.170.35.169
count 5
first seen 2012-04-07 08:28:38 -0000
last seen 2012-04-07 08:49:09 -0000
itsec.eicp.net. A 115.170.35.185
count 2
first seen 2012-06-17 12:50:04 -0000
last seen 2012-06-17 15:20:07 -0000
itsec.eicp.net. A 115.170.39.112
count 509
first seen 2012-08-22 07:40:06 -0000
last seen 2012-08-23 01:17:48 -0000
itsec.eicp.net. A 115.170.39.228
count 245
first seen 2012-07-01 15:00:02 -0000
last seen 2012-07-02 00:08:49 -0000
itsec.eicp.net. A 115.170.40.230
count 501
first seen 2012-06-20 15:05:35 -0000
last seen 2012-06-20 22:34:16 -0000
itsec.eicp.net. A 115.170.41.43
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 34 of 71

count 1
first seen 2012-01-14 16:35:28 -0000
last seen 2012-01-14 16:35:28 -0000
itsec.eicp.net. A 115.170.43.78
count 2
first seen 2012-06-24 04:20:06 -0000
last seen 2012-06-24 04:50:04 -0000
itsec.eicp.net. A 115.170.45.173
count 2
first seen 2012-07-25 05:00:03 -0000
last seen 2012-07-25 06:00:03 -0000
itsec.eicp.net. A 115.170.46.2
count 2
first seen 2012-07-27 14:00:03 -0000
last seen 2012-07-27 15:20:01 -0000
itsec.eicp.net. A 115.170.47.39
count 1
first seen 2011-12-26 14:33:05 -0000
last seen 2011-12-26 14:33:05 -0000
itsec.eicp.net. A 115.170.48.38
count 33
first seen 2012-03-07 06:03:05 -0000
last seen 2012-03-07 11:39:13 -0000
itsec.eicp.net. A 115.170.49.223
count 13
first seen 2012-05-17 04:21:44 -0000
last seen 2012-05-17 05:49:23 -0000
itsec.eicp.net. A 115.170.52.198
count 7
first seen 2012-10-06 06:00:04 -0000
last seen 2012-10-06 08:40:03 -0000
itsec.eicp.net. A 115.170.57.211
count 3
first seen 2012-07-03 05:00:01 -0000
last seen 2012-07-03 05:45:01 -0000
itsec.eicp.net. A 115.170.60.1
count 51
first seen 2012-04-11 13:46:41 -0000
last seen 2012-04-11 16:19:13 -0000
itsec.eicp.net. A 115.170.61.137
count 34
first seen 2012-05-09 10:10:56 -0000
last seen 2012-05-09 11:54:41 -0000
itsec.eicp.net. A 115.170.61.218
count 1
first seen 2011-10-17 21:37:17 -0000
last seen 2011-10-17 21:37:17 -0000
itsec.eicp.net. A 115.170.62.54
count 9
first seen 2012-11-01 15:40:07 -0000
last seen 2012-11-01 23:40:06 -0000
itsec.eicp.net. A 115.170.63.149
count 22
first seen 2012-07-09 14:14:59 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 35 of 71

last seen 2012-07-10 01:14:59 -0000
itsec.eicp.net. A 115.170.63.221
count 4
first seen 2012-05-13 07:49:17 -0000
last seen 2012-05-13 08:11:58 -0000
itsec.eicp.net. A 115.170.66.117
count 4
first seen 2012-07-16 04:30:00 -0000
last seen 2012-07-16 06:44:58 -0000
itsec.eicp.net. A 115.170.67.98
count 5
first seen 2012-09-06 04:08:28 -0000
last seen 2012-09-06 05:00:09 -0000
itsec.eicp.net. A 115.170.67.116
count 63
first seen 2012-05-11 03:57:26 -0000
last seen 2012-05-11 15:31:09 -0000
itsec.eicp.net. A 115.170.68.177
count 17
first seen 2012-07-21 14:30:05 -0000
last seen 2012-07-22 03:00:06 -0000
itsec.eicp.net. A 115.170.69.142
count 624
first seen 2012-08-21 14:00:06 -0000
last seen 2012-08-22 06:20:06 -0000
itsec.eicp.net. A 115.170.69.155
count 11
first seen 2012-06-29 04:50:00 -0000
last seen 2012-06-29 17:19:59 -0000
itsec.eicp.net. A 115.170.70.102
count 13
first seen 2012-11-26 12:39:53 -0000
last seen 2012-11-26 22:59:53 -0000
itsec.eicp.net. A 115.170.96.32
count 1
first seen 2012-01-09 04:34:10 -0000
last seen 2012-01-09 04:34:10 -0000
itsec.eicp.net. A 115.170.96.119
count 247
first seen 2012-10-04 00:08:32 -0000
last seen 2012-10-04 07:40:04 -0000
itsec.eicp.net. A 115.170.97.50
count 11
first seen 2012-11-09 15:20:02 -0000
last seen 2012-11-09 21:40:01 -0000
itsec.eicp.net. A 115.170.97.137
count 16
first seen 2012-11-18 12:19:57 -0000
last seen 2012-11-18 23:19:57 -0000
itsec.eicp.net. A 115.170.97.141
count 20
first seen 2012-11-03 08:20:05 -0000
last seen 2012-11-04 01:20:05 -0000
itsec.eicp.net. A 115.170.97.235
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 36 of 71

count 37
first seen 2012-11-17 14:51:40 -0000
last seen 2012-11-18 11:19:58 -0000
itsec.eicp.net. A 115.170.99.40
count 8
first seen 2012-09-18 04:18:57 -0000
last seen 2012-09-18 06:00:09 -0000
itsec.eicp.net. A 115.170.99.132
count 316
first seen 2012-10-16 18:51:32 -0000
last seen 2012-10-16 23:47:57 -0000
itsec.eicp.net. A 115.170.99.217
count 3
first seen 2012-02-29 03:49:49 -0000
last seen 2012-02-29 07:49:49 -0000
itsec.eicp.net. A 115.170.100.226
count 457
first seen 2012-09-30 08:20:05 -0000
last seen 2012-10-01 11:00:04 -0000
itsec.eicp.net. A 115.170.102.87
count 3
first seen 2012-09-21 05:20:07 -0000
last seen 2012-09-21 06:40:08 -0000
itsec.eicp.net. A 115.170.102.194
count 1
first seen 2011-12-25 06:33:22 -0000
last seen 2011-12-25 06:33:22 -0000
itsec.eicp.net. A 115.170.102.206
count 225
first seen 2012-09-22 14:29:13 -0000
last seen 2012-09-23 01:25:41 -0000
itsec.eicp.net. A 115.170.103.21
count 3
first seen 2012-09-28 12:40:06 -0000
last seen 2012-09-28 14:20:06 -0000
itsec.eicp.net. A 115.170.103.64
count 1
first seen 2011-11-14 04:33:35 -0000
last seen 2011-11-14 04:33:35 -0000
itsec.eicp.net. A 115.170.103.103
count 2
first seen 2012-09-27 05:20:06 -0000
last seen 2012-09-27 05:40:06 -0000
itsec.eicp.net. A 115.170.104.14
count 543
first seen 2012-10-04 08:00:04 -0000
last seen 2012-10-04 23:24:53 -0000
itsec.eicp.net. A 115.170.105.79
count 65
first seen 2012-10-25 17:00:09 -0000
last seen 2012-10-25 19:46:28 -0000
itsec.eicp.net. A 115.170.105.173
count 77
first seen 2012-12-01 14:00:20 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 37 of 71

last seen 2012-12-02 23:00:20 -0000
itsec.eicp.net. A 115.170.105.238
count 15
first seen 2012-11-22 10:59:56 -0000
last seen 2012-11-22 23:19:55 -0000
itsec.eicp.net. A 115.170.106.113
count 268
first seen 2012-10-04 23:25:26 -0000
last seen 2012-10-06 04:54:53 -0000
itsec.eicp.net. A 115.170.106.227
count 15
first seen 2012-08-01 08:40:01 -0000
last seen 2012-08-01 23:00:01 -0000
itsec.eicp.net. A 115.170.107.36
count 1
first seen 2011-09-01 21:32:44 -0000
last seen 2011-09-01 21:32:44 -0000
itsec.eicp.net. A 115.170.107.103
count 1
first seen 2012-09-26 14:00:07 -0000
last seen 2012-09-26 14:00:07 -0000
itsec.eicp.net. A 115.170.108.94
count 17
first seen 2012-12-04 14:00:20 -0000
last seen 2012-12-04 23:40:20 -0000
itsec.eicp.net. A 115.170.109.87
count 30
first seen 2012-07-08 12:15:00 -0000
last seen 2012-07-09 02:14:59 -0000
itsec.eicp.net. A 115.170.110.15
count 18
first seen 2012-07-28 08:00:04 -0000
last seen 2012-07-29 00:00:02 -0000
itsec.eicp.net. A 115.170.110.230
count 116
first seen 2012-03-27 14:57:51 -0000
last seen 2012-03-27 23:27:01 -0000
itsec.eicp.net. A 115.170.112.223
count 1
first seen 2012-01-15 18:33:01 -0000
last seen 2012-01-15 18:33:01 -0000
itsec.eicp.net. A 115.170.113.118
count 163
first seen 2012-10-12 23:39:37 -0000
last seen 2012-10-13 11:00:16 -0000
itsec.eicp.net. A 115.170.114.6
count 3
first seen 2012-10-09 01:40:31 -0000
last seen 2012-10-09 01:41:16 -0000
itsec.eicp.net. A 115.170.114.17
count 30
first seen 2012-05-14 11:08:56 -0000
last seen 2012-05-14 15:36:08 -0000
itsec.eicp.net. A 115.170.114.108
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 38 of 71

count 102
first seen 2012-04-13 11:28:25 -0000
last seen 2012-04-13 16:51:11 -0000
itsec.eicp.net. A 115.170.115.199
count 106
first seen 2012-04-16 10:32:47 -0000
last seen 2012-04-16 15:16:54 -0000
itsec.eicp.net. A 115.170.117.59
count 5
first seen 2012-05-13 15:45:51 -0000
last seen 2012-05-13 15:53:24 -0000
itsec.eicp.net. A 115.170.118.48
count 0
first seen 2011-12-12 16:31:31 -0000
last seen 2011-12-12 16:31:31 -0000
itsec.eicp.net. A 115.170.120.127
count 4
first seen 2012-07-18 14:30:06 -0000
last seen 2012-07-18 16:00:06 -0000
itsec.eicp.net. A 115.170.122.87
count 5
first seen 2012-10-12 04:04:33 -0000
last seen 2012-10-12 08:40:15 -0000
itsec.eicp.net. A 115.170.124.23
count 6
first seen 2012-08-23 05:20:06 -0000
last seen 2012-08-23 08:20:09 -0000
itsec.eicp.net. A 115.170.125.97
count 2063
first seen 2012-08-23 09:20:06 -0000
last seen 2012-08-27 00:12:31 -0000
itsec.eicp.net. A 115.170.126.173
count 3
first seen 2012-05-23 04:15:56 -0000
last seen 2012-05-23 05:49:21 -0000
itsec.eicp.net. A 115.170.128.43
count 2
first seen 2012-07-20 04:30:06 -0000
last seen 2012-07-20 06:00:06 -0000
itsec.eicp.net. A 115.170.128.72
count 19
first seen 2012-11-02 04:20:07 -0000
last seen 2012-11-02 18:00:13 -0000
itsec.eicp.net. A 115.170.128.140
count 2
first seen 2012-09-20 04:19:43 -0000
last seen 2012-09-20 04:40:08 -0000
itsec.eicp.net. A 115.170.129.116
count 8
first seen 2012-05-19 11:49:24 -0000
last seen 2012-05-19 16:11:29 -0000
itsec.eicp.net. A 115.170.129.176
count 380
first seen 2012-06-01 04:49:15 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 39 of 71

last seen 2012-06-02 00:45:26 -0000
itsec.eicp.net. A 115.170.129.181
count 1
first seen 2011-08-23 14:35:18 -0000
last seen 2011-08-23 14:35:18 -0000
itsec.eicp.net. A 115.170.129.183
count 16
first seen 2012-11-04 13:20:05 -0000
last seen 2012-11-04 23:20:06 -0000
itsec.eicp.net. A 115.170.130.74
count 1
first seen 2012-05-22 14:19:20 -0000
last seen 2012-05-22 14:19:20 -0000
itsec.eicp.net. A 115.170.131.4
count 108
first seen 2012-09-19 12:40:09 -0000
last seen 2012-09-20 00:07:44 -0000
itsec.eicp.net. A 115.170.131.191
count 7
first seen 2012-05-23 15:49:23 -0000
last seen 2012-05-23 21:49:18 -0000
itsec.eicp.net. A 115.170.132.122
count 12
first seen 2012-06-19 04:23:58 -0000
last seen 2012-06-19 04:50:04 -0000
itsec.eicp.net. A 115.170.132.123
count 6
first seen 2012-10-14 05:49:38 -0000
last seen 2012-10-14 09:40:14 -0000
itsec.eicp.net. A 115.170.133.151
count 2
first seen 2012-02-04 00:35:03 -0000
last seen 2012-02-04 02:34:21 -0000
itsec.eicp.net. A 115.170.133.165
count 12
first seen 2012-03-02 15:38:25 -0000
last seen 2012-03-02 16:51:22 -0000
itsec.eicp.net. A 115.170.133.245
count 70
first seen 2012-10-07 00:04:14 -0000
last seen 2012-10-07 06:40:03 -0000
itsec.eicp.net. A 115.170.134.107
count 7
first seen 2012-11-06 09:20:03 -0000
last seen 2012-11-06 13:00:07 -0000
itsec.eicp.net. A 115.170.134.136
count 8
first seen 2012-07-10 04:45:00 -0000
last seen 2012-07-10 07:45:00 -0000
itsec.eicp.net. A 115.170.134.225
count 2
first seen 2012-04-24 14:45:39 -0000
last seen 2012-04-24 14:56:05 -0000
itsec.eicp.net. A 115.170.135.90
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 40 of 71

count 196
first seen 2012-06-16 01:14:30 -0000
last seen 2012-06-16 08:50:05 -0000
itsec.eicp.net. A 115.170.136.213
count 16
first seen 2012-11-10 11:00:01 -0000
last seen 2012-11-10 23:00:00 -0000
itsec.eicp.net. A 115.170.137.130
count 51
first seen 2012-05-04 15:11:02 -0000
last seen 2012-05-04 18:18:19 -0000
itsec.eicp.net. A 115.170.138.16
count 470
first seen 2012-06-22 01:49:51 -0000
last seen 2012-06-22 13:54:33 -0000
itsec.eicp.net. A 115.170.138.132
count 1
first seen 2012-06-27 04:50:02 -0000
last seen 2012-06-27 04:50:02 -0000
itsec.eicp.net. A 115.170.139.90
count 1
first seen 2012-06-28 06:20:01 -0000
last seen 2012-06-28 06:20:01 -0000
itsec.eicp.net. A 115.170.140.232
count 105
first seen 2012-05-24 18:49:19 -0000
last seen 2012-05-25 00:28:11 -0000
itsec.eicp.net. A 115.170.142.183
count 204
first seen 2012-06-02 00:46:39 -0000
last seen 2012-06-03 06:19:13 -0000
itsec.eicp.net. A 115.170.146.231
count 9
first seen 2012-06-21 04:06:20 -0000
last seen 2012-06-21 05:50:02 -0000
itsec.eicp.net. A 115.170.146.253
count 17
first seen 2012-06-22 13:55:37 -0000
last seen 2012-06-22 16:13:33 -0000
itsec.eicp.net. A 115.170.153.134
count 1
first seen 2012-06-25 04:20:03 -0000
last seen 2012-06-25 04:20:03 -0000
itsec.eicp.net. A 115.170.153.135
count 54
first seen 2012-03-06 16:49:44 -0000
last seen 2012-03-06 23:20:30 -0000
itsec.eicp.net. A 115.170.157.205
count 17
first seen 2012-09-21 23:51:18 -0000
last seen 2012-09-22 13:00:08 -0000
itsec.eicp.net. A 115.170.162.122
count 13
first seen 2012-06-25 11:50:02 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 41 of 71

last seen 2012-06-25 23:20:02 -0000
itsec.eicp.net. A 115.170.163.131
count 2
first seen 2012-06-26 04:50:02 -0000
last seen 2012-06-26 05:20:04 -0000
itsec.eicp.net. A 115.170.163.155
count 165
first seen 2012-08-31 11:00:03 -0000
last seen 2012-08-31 21:26:31 -0000
itsec.eicp.net. A 115.170.166.32
count 12
first seen 2012-07-07 07:45:00 -0000
last seen 2012-07-07 12:29:59 -0000
itsec.eicp.net. A 115.170.166.132
count 1
first seen 2012-07-09 04:14:59 -0000
last seen 2012-07-09 04:14:59 -0000
itsec.eicp.net. A 115.170.166.133
count 1
first seen 2011-09-19 15:58:28 -0000
last seen 2011-09-19 15:58:28 -0000
itsec.eicp.net. A 115.170.168.33
count 39
first seen 2012-05-10 04:17:06 -0000
last seen 2012-05-10 06:11:55 -0000
itsec.eicp.net. A 115.170.170.122
count 26
first seen 2012-07-05 10:45:00 -0000
last seen 2012-07-06 02:15:00 -0000
itsec.eicp.net. A 115.170.171.171
count 2
first seen 2012-05-22 04:49:20 -0000
last seen 2012-05-22 05:19:21 -0000
itsec.eicp.net. A 115.170.172.161
count 8
first seen 2012-05-01 06:19:38 -0000
last seen 2012-05-01 12:49:38 -0000
itsec.eicp.net. A 115.170.173.8
count 1
first seen 2012-07-07 00:45:00 -0000
last seen 2012-07-07 00:45:00 -0000
itsec.eicp.net. A 115.170.173.42
count 18
first seen 2012-11-06 13:40:04 -0000
last seen 2012-11-06 23:40:03 -0000
itsec.eicp.net. A 115.170.173.75
count 60
first seen 2012-09-08 00:00:08 -0000
last seen 2012-09-08 14:14:33 -0000
itsec.eicp.net. A 115.170.174.85
count 14
first seen 2012-11-25 13:39:54 -0000
last seen 2012-11-25 23:39:54 -0000
itsec.eicp.net. A 115.170.174.246
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 42 of 71

count 2
first seen 2012-04-29 02:09:53 -0000
last seen 2012-04-29 02:49:35 -0000
itsec.eicp.net. A 115.170.175.206
count 6
first seen 2012-11-14 12:39:59 -0000
last seen 2012-11-14 16:19:59 -0000
itsec.eicp.net. A 115.170.176.233
count 39
first seen 2012-11-24 03:59:55 -0000
last seen 2012-11-25 09:39:54 -0000
itsec.eicp.net. A 115.170.177.113
count 2
first seen 2012-09-28 04:22:53 -0000
last seen 2012-09-28 04:23:53 -0000
itsec.eicp.net. A 115.170.177.198
count 1
first seen 2012-07-27 05:40:03 -0000
last seen 2012-07-27 05:40:03 -0000
itsec.eicp.net. A 115.170.183.100
count 3
first seen 2012-07-26 04:40:03 -0000
last seen 2012-07-26 06:20:03 -0000
itsec.eicp.net. A 115.170.185.163
count 3
first seen 2012-09-05 13:00:10 -0000
last seen 2012-09-05 14:40:10 -0000
itsec.eicp.net. A 115.170.187.43
count 322
first seen 2012-09-07 04:33:24 -0000
last seen 2012-09-07 23:30:01 -0000
itsec.eicp.net. A 115.170.188.46
count 2
first seen 2012-07-12 04:44:59 -0000
last seen 2012-07-12 05:14:58 -0000
itsec.eicp.net. A 115.170.188.77
count 21
first seen 2012-05-06 03:49:35 -0000
last seen 2012-05-06 15:19:35 -0000
itsec.eicp.net. A 115.170.189.57
count 21
first seen 2012-05-02 14:35:48 -0000
last seen 2012-05-02 15:41:43 -0000
itsec.eicp.net. A 115.170.191.71
count 13
first seen 2012-07-25 11:40:03 -0000
last seen 2012-07-25 23:40:03 -0000
itsec.eicp.net. A 115.170.191.95
count 1
first seen 2012-04-29 14:49:34 -0000
last seen 2012-04-29 14:49:34 -0000
itsec.eicp.net. A 115.170.194.66
count 29
first seen 2012-04-05 14:01:21 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 43 of 71

last seen 2012-04-05 15:29:45 -0000
itsec.eicp.net. A 115.170.194.179
count 361
first seen 2012-10-13 11:20:14 -0000
last seen 2012-10-13 20:09:55 -0000
itsec.eicp.net. A 115.170.195.248
count 6
first seen 2012-07-05 04:15:00 -0000
last seen 2012-07-05 06:15:00 -0000
itsec.eicp.net. A 115.170.197.19
count 13
first seen 2012-07-20 10:30:06 -0000
last seen 2012-07-21 00:00:06 -0000
itsec.eicp.net. A 115.170.197.38
count 59
first seen 2012-10-17 10:27:47 -0000
last seen 2012-10-17 16:46:18 -0000
itsec.eicp.net. A 115.170.197.82
count 18
first seen 2012-05-14 04:13:01 -0000
last seen 2012-05-14 05:44:50 -0000
itsec.eicp.net. A 115.170.199.39
count 13
first seen 2012-08-04 05:39:59 -0000
last seen 2012-08-04 14:19:59 -0000
itsec.eicp.net. A 115.170.200.88
count 1
first seen 2012-08-30 16:28:22 -0000
last seen 2012-08-30 16:28:22 -0000
itsec.eicp.net. A 115.170.202.130
count 1
first seen 2012-01-29 02:34:32 -0000
last seen 2012-01-29 02:34:32 -0000
itsec.eicp.net. A 115.170.203.242
count 10
first seen 2012-09-14 04:20:10 -0000
last seen 2012-09-14 13:00:10 -0000
itsec.eicp.net. A 115.170.204.136
count 6
first seen 2012-07-11 10:59:59 -0000
last seen 2012-07-11 13:14:59 -0000
itsec.eicp.net. A 115.170.205.46
count 7
first seen 2012-05-05 01:49:36 -0000
last seen 2012-05-05 08:19:36 -0000
itsec.eicp.net. A 115.170.206.142
count 93
first seen 2012-03-26 14:49:55 -0000
last seen 2012-03-27 01:01:52 -0000
itsec.eicp.net. A 115.170.209.192
count 114
first seen 2012-10-26 23:01:38 -0000
last seen 2012-10-27 00:53:45 -0000
itsec.eicp.net. A 115.170.209.203
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 44 of 71

count 1
first seen 2012-02-01 04:50:49 -0000
last seen 2012-02-01 04:50:49 -0000
itsec.eicp.net. A 115.170.210.246
count 2
first seen 2012-09-01 09:00:02 -0000
last seen 2012-09-01 12:20:02 -0000
itsec.eicp.net. A 115.170.211.51
count 1476
first seen 2012-09-14 23:30:11 -0000
last seen 2012-09-16 23:59:25 -0000
itsec.eicp.net. A 115.170.211.134
count 2
first seen 2012-07-11 05:29:59 -0000
last seen 2012-07-11 06:44:59 -0000
itsec.eicp.net. A 115.170.212.68
count 4
first seen 2012-07-21 11:30:06 -0000
last seen 2012-07-21 13:30:05 -0000
itsec.eicp.net. A 115.170.212.70
count 238
first seen 2012-08-23 01:18:55 -0000
last seen 2012-08-23 04:49:44 -0000
itsec.eicp.net. A 115.170.212.86
count 16
first seen 2012-11-29 15:19:53 -0000
last seen 2012-11-30 01:59:52 -0000
itsec.eicp.net. A 115.170.212.115
count 1
first seen 2012-02-04 08:48:54 -0000
last seen 2012-02-04 08:48:54 -0000
itsec.eicp.net. A 115.170.212.157
count 65
first seen 2012-04-04 14:21:15 -0000
last seen 2012-04-04 21:09:00 -0000
itsec.eicp.net. A 115.170.215.138
count 350
first seen 2012-10-24 12:20:10 -0000
last seen 2012-10-25 02:41:44 -0000
itsec.eicp.net. A 115.170.217.225
count 29
first seen 2012-10-26 18:20:08 -0000
last seen 2012-10-26 19:37:15 -0000
itsec.eicp.net. A 115.170.219.89
count 17
first seen 2012-07-02 11:00:02 -0000
last seen 2012-07-02 18:15:01 -0000
itsec.eicp.net. A 115.170.219.235
count 3
first seen 2012-10-03 11:40:04 -0000
last seen 2012-10-03 13:40:04 -0000
itsec.eicp.net. A 115.170.221.125
count 1
first seen 2011-08-25 04:35:29 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 45 of 71

last seen 2011-08-25 04:35:29 -0000
itsec.eicp.net. A 115.170.231.191
count 46
first seen 2012-05-09 14:33:03 -0000
last seen 2012-05-09 16:33:13 -0000
itsec.eicp.net. A 115.170.236.178
count 1
first seen 2012-04-30 02:19:41 -0000
last seen 2012-04-30 02:19:41 -0000
itsec.eicp.net. A 115.170.237.235
count 31
first seen 2012-04-11 04:32:02 -0000
last seen 2012-04-11 06:05:00 -0000
itsec.eicp.net. A 115.170.238.56
count 151
first seen 2012-03-10 15:52:54 -0000
last seen 2012-03-12 01:29:13 -0000
itsec.eicp.net. A 115.171.4.134
count 44
first seen 2012-04-20 13:58:49 -0000
last seen 2012-04-20 15:19:12 -0000
itsec.eicp.net. A 115.171.4.239
count 63
first seen 2012-04-09 11:21:31 -0000
last seen 2012-04-09 14:56:01 -0000
itsec.eicp.net. A 115.171.5.76
count 160
first seen 2012-03-28 04:29:32 -0000
last seen 2012-03-28 11:51:35 -0000
itsec.eicp.net. A 115.171.10.216
count 8
first seen 2012-03-01 17:49:47 -0000
last seen 2012-03-02 01:19:47 -0000
itsec.eicp.net. A 115.171.15.22
count 5
first seen 2012-02-27 18:19:50 -0000
last seen 2012-02-27 22:49:49 -0000
itsec.eicp.net. A 115.171.15.58
count 10
first seen 2012-02-29 17:19:47 -0000
last seen 2012-03-01 02:19:49 -0000
itsec.eicp.net. A 115.171.17.183
count 1
first seen 2011-08-28 09:30:45 -0000
last seen 2011-08-28 09:30:45 -0000
itsec.eicp.net. A 115.171.18.98
count 56
first seen 2012-03-28 13:58:12 -0000
last seen 2012-03-28 22:19:53 -0000
itsec.eicp.net. A 115.171.34.145
count 4
first seen 2012-03-13 16:04:13 -0000
last seen 2012-03-13 16:24:48 -0000
itsec.eicp.net. A 115.171.37.32
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 46 of 71

count 202
first seen 2012-04-17 15:11:11 -0000
last seen 2012-04-18 00:49:43 -0000
itsec.eicp.net. A 115.171.37.160
count 421
first seen 2012-04-01 13:28:25 -0000
last seen 2012-04-02 13:53:19 -0000
itsec.eicp.net. A 115.171.38.40
count 417
first seen 2012-04-06 04:32:58 -0000
last seen 2012-04-07 08:26:20 -0000
itsec.eicp.net. A 115.171.40.114
count 1
first seen 2012-01-18 10:34:52 -0000
last seen 2012-01-18 10:34:52 -0000
itsec.eicp.net. A 115.171.41.235
count 170
first seen 2012-03-17 13:27:57 -0000
last seen 2012-03-19 01:50:00 -0000
itsec.eicp.net. A 115.171.45.117
count 165
first seen 2012-04-10 13:56:18 -0000
last seen 2012-04-11 00:18:44 -0000
itsec.eicp.net. A 115.171.46.36
count 33
first seen 2012-04-16 04:24:33 -0000
last seen 2012-04-16 06:02:55 -0000
itsec.eicp.net. A 115.171.47.8
count 1
first seen 2012-05-03 04:49:37 -0000
last seen 2012-05-03 04:49:37 -0000
itsec.eicp.net. A 115.171.47.154
count 274
first seen 2012-04-12 04:24:01 -0000
last seen 2012-04-12 16:25:03 -0000
itsec.eicp.net. A 115.171.49.46
count 1
first seen 2011-10-25 05:34:55 -0000
last seen 2011-10-25 05:34:55 -0000
itsec.eicp.net. A 115.171.51.175
count 2
first seen 2012-01-06 00:33:42 -0000
last seen 2012-01-06 04:54:23 -0000
itsec.eicp.net. A 115.171.61.159
count 1
first seen 2011-08-24 12:34:23 -0000
last seen 2011-08-24 12:34:23 -0000
itsec.eicp.net. A 115.171.100.183
count 17
first seen 2012-04-25 13:29:17 -0000
last seen 2012-04-25 15:08:09 -0000
itsec.eicp.net. A 115.171.112.80
count 2
first seen 2012-02-15 14:39:28 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 47 of 71

last seen 2012-02-15 22:35:13 -0000
itsec.eicp.net. A 115.171.114.160
count 126
first seen 2012-05-10 14:11:59 -0000
last seen 2012-05-10 23:49:32 -0000
itsec.eicp.net. A 115.171.116.27
count 1
first seen 2012-01-01 12:46:09 -0000
last seen 2012-01-01 12:46:09 -0000
itsec.eicp.net. A 115.171.118.227
count 34
first seen 2012-02-25 19:19:53 -0000
last seen 2012-02-27 02:19:52 -0000
itsec.eicp.net. A 115.171.119.50
count 21
first seen 2012-03-16 14:05:50 -0000
last seen 2012-03-16 16:25:27 -0000
itsec.eicp.net. A 115.171.121.27
count 51
first seen 2012-04-20 04:20:46 -0000
last seen 2012-04-20 06:11:42 -0000
itsec.eicp.net. A 115.171.124.245
count 51
first seen 2012-04-17 04:22:55 -0000
last seen 2012-04-17 06:04:51 -0000
itsec.eicp.net. A 115.171.127.215
count 5
first seen 2012-03-22 16:00:36 -0000
last seen 2012-03-22 16:35:24 -0000
itsec.eicp.net. A 115.171.128.17
count 1
first seen 2011-09-05 04:36:11 -0000
last seen 2011-09-05 04:36:11 -0000
itsec.eicp.net. A 115.171.132.26
count 4
first seen 2012-02-18 06:40:54 -0000
last seen 2012-02-18 16:34:15 -0000
itsec.eicp.net. A 115.171.132.46
count 6
first seen 2012-01-21 04:33:13 -0000
last seen 2012-01-21 07:58:11 -0000
itsec.eicp.net. A 115.171.135.11
count 1
first seen 2011-10-11 12:15:43 -0000
last seen 2011-10-11 12:15:43 -0000
itsec.eicp.net. A 115.171.138.110
count 9
first seen 2012-03-12 16:12:28 -0000
last seen 2012-03-12 17:11:57 -0000
itsec.eicp.net. A 115.171.139.104
count 1
first seen 2011-08-19 04:17:00 -0000
last seen 2011-08-19 04:17:00 -0000
itsec.eicp.net. A 115.171.141.206
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 48 of 71

count 190
first seen 2012-04-03 14:08:15 -0000
last seen 2012-04-04 01:47:55 -0000
itsec.eicp.net. A 115.171.143.109
count 5
first seen 2010-12-01 15:20:29 -0000
last seen 2010-12-01 15:36:54 -0000
itsec.eicp.net. A 116.69.44.161
count 4
first seen 2010-12-02 05:41:35 -0000
last seen 2010-12-02 05:58:30 -0000
itsec.eicp.net. A 116.69.194.241
count 131
first seen 2010-12-02 07:37:35 -0000
last seen 2012-10-23 08:20:10 -0000
itsec.eicp.net. A 120.50.35.60
count 18
first seen 2012-03-27 08:45:05 -0000
last seen 2012-04-18 09:44:26 -0000
itsec.eicp.net. A 122.147.136.56
count 30
first seen 2012-03-02 01:49:47 -0000
last seen 2012-03-02 15:05:01 -0000
itsec.eicp.net. A 123.117.16.92
count 16
first seen 2012-03-27 23:59:35 -0000
last seen 2012-03-28 00:28:31 -0000
itsec.eicp.net. A 123.117.16.231
count 20
first seen 2012-03-27 06:26:59 -0000
last seen 2012-03-27 08:25:18 -0000
itsec.eicp.net. A 123.117.19.168
count 42
first seen 2012-03-23 15:00:45 -0000
last seen 2012-03-23 18:01:57 -0000
itsec.eicp.net. A 123.117.20.202
count 10
first seen 2012-02-24 04:43:32 -0000
last seen 2012-02-24 11:19:52 -0000
itsec.eicp.net. A 123.117.22.18
count 43
first seen 2012-10-25 23:51:08 -0000
last seen 2012-10-26 00:30:12 -0000
itsec.eicp.net. A 123.120.96.128
count 4
first seen 2012-07-26 07:00:03 -0000
last seen 2012-07-26 10:20:04 -0000
itsec.eicp.net. A 123.120.96.150
count 78
first seen 2012-05-25 00:29:26 -0000
last seen 2012-05-25 04:19:17 -0000
itsec.eicp.net. A 123.120.96.159
count 3
first seen 2012-11-23 01:19:55 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 49 of 71

last seen 2012-11-23 02:59:55 -0000
itsec.eicp.net. A 123.120.96.235
count 26
first seen 2012-04-19 00:18:16 -0000
last seen 2012-04-19 03:22:14 -0000
itsec.eicp.net. A 123.120.97.27
count 136
first seen 2012-09-26 03:03:29 -0000
last seen 2012-09-26 06:20:06 -0000
itsec.eicp.net. A 123.120.97.101
count 405
first seen 2012-06-07 07:49:10 -0000
last seen 2012-06-08 03:22:56 -0000
itsec.eicp.net. A 123.120.97.156
count 12
first seen 2012-04-12 01:06:41 -0000
last seen 2012-04-12 01:48:41 -0000
itsec.eicp.net. A 123.120.97.193
count 341
first seen 2012-10-10 18:38:52 -0000
last seen 2012-10-10 23:44:29 -0000
itsec.eicp.net. A 123.120.98.22
count 1
first seen 2012-05-31 06:49:15 -0000
last seen 2012-05-31 06:49:15 -0000
itsec.eicp.net. A 123.120.98.116
count 219
first seen 2012-09-13 00:52:22 -0000
last seen 2012-09-13 04:13:08 -0000
itsec.eicp.net. A 123.120.98.161
count 164
first seen 2012-06-18 00:19:40 -0000
last seen 2012-06-18 06:11:04 -0000
itsec.eicp.net. A 123.120.99.30
count 2
first seen 2012-09-02 23:44:23 -0000
last seen 2012-09-03 01:07:04 -0000
itsec.eicp.net. A 123.120.99.39
count 4
first seen 2012-12-05 01:00:19 -0000
last seen 2012-12-05 02:40:19 -0000
itsec.eicp.net. A 123.120.99.74
count 42
first seen 2012-09-16 23:59:53 -0000
last seen 2012-09-17 04:17:23 -0000
itsec.eicp.net. A 123.120.99.86
count 1
first seen 2012-08-27 00:20:04 -0000
last seen 2012-08-27 00:20:04 -0000
itsec.eicp.net. A 123.120.99.110
count 1
first seen 2012-05-29 06:49:18 -0000
last seen 2012-05-29 06:49:18 -0000
itsec.eicp.net. A 123.120.99.151
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 50 of 71

count 56
first seen 2012-04-19 23:46:33 -0000
last seen 2012-04-20 03:36:24 -0000
itsec.eicp.net. A 123.120.99.159
count 2
first seen 2012-07-13 00:14:58 -0000
last seen 2012-07-13 00:29:57 -0000
itsec.eicp.net. A 123.120.99.190
count 17
first seen 2012-08-29 23:49:04 -0000
last seen 2012-08-30 09:40:03 -0000
itsec.eicp.net. A 123.120.100.41
count 17
first seen 2012-09-26 23:41:23 -0000
last seen 2012-09-27 03:52:35 -0000
itsec.eicp.net. A 123.120.100.90
count 42
first seen 2012-10-16 23:49:02 -0000
last seen 2012-10-17 10:26:46 -0000
itsec.eicp.net. A 123.120.100.101
count 42
first seen 2012-04-20 06:49:48 -0000
last seen 2012-04-20 08:44:04 -0000
itsec.eicp.net. A 123.120.100.205
count 8
first seen 2012-09-18 00:34:23 -0000
last seen 2012-09-18 03:43:33 -0000
itsec.eicp.net. A 123.120.101.23
count 9
first seen 2012-07-24 07:20:04 -0000
last seen 2012-07-24 15:20:04 -0000
itsec.eicp.net. A 123.120.101.94
count 29
first seen 2012-05-07 23:47:17 -0000
last seen 2012-05-08 03:49:34 -0000
itsec.eicp.net. A 123.120.101.100
count 1
first seen 2012-10-30 08:40:07 -0000
last seen 2012-10-30 08:40:07 -0000
itsec.eicp.net. A 123.120.101.162
count 11
first seen 2012-07-02 00:09:49 -0000
last seen 2012-07-02 03:30:05 -0000
itsec.eicp.net. A 123.120.101.189
count 17
first seen 2012-10-23 23:59:06 -0000
last seen 2012-10-24 09:47:21 -0000
itsec.eicp.net. A 123.120.101.204
count 1
first seen 2012-07-11 02:14:59 -0000
last seen 2012-07-11 02:14:59 -0000
itsec.eicp.net. A 123.120.102.25
count 1
first seen 2011-10-10 06:09:30 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 51 of 71

last seen 2011-10-10 06:09:30 -0000
itsec.eicp.net. A 123.120.102.114
count 5
first seen 2012-05-30 06:19:15 -0000
last seen 2012-05-30 13:19:18 -0000
itsec.eicp.net. A 123.120.102.160
count 2
first seen 2012-05-09 01:04:11 -0000
last seen 2012-05-09 01:16:46 -0000
itsec.eicp.net. A 123.120.102.212
count 1
first seen 2012-12-04 03:40:20 -0000
last seen 2012-12-04 03:40:20 -0000
itsec.eicp.net. A 123.120.102.252
count 2
first seen 2012-11-07 23:40:04 -0000
last seen 2012-11-08 02:00:02 -0000
itsec.eicp.net. A 123.120.103.6
count 5
first seen 2012-07-25 00:20:04 -0000
last seen 2012-07-25 04:00:03 -0000
itsec.eicp.net. A 123.120.103.8
count 15
first seen 2012-09-04 00:18:43 -0000
last seen 2012-09-04 00:32:12 -0000
itsec.eicp.net. A 123.120.103.50
count 1
first seen 2012-07-20 07:00:06 -0000
last seen 2012-07-20 07:00:06 -0000
itsec.eicp.net. A 123.120.103.147
count 2
first seen 2012-06-01 01:53:59 -0000
last seen 2012-06-01 02:49:14 -0000
itsec.eicp.net. A 123.120.103.242
count 3
first seen 2012-07-06 12:45:00 -0000
last seen 2012-07-06 14:15:00 -0000
itsec.eicp.net. A 123.120.104.16
count 5
first seen 2012-07-03 06:45:01 -0000
last seen 2012-07-03 09:30:01 -0000
itsec.eicp.net. A 123.120.104.49
count 13
first seen 2012-11-08 03:00:02 -0000
last seen 2012-11-08 11:00:03 -0000
itsec.eicp.net. A 123.120.104.77
count 2
first seen 2012-07-26 01:20:03 -0000
last seen 2012-07-26 03:00:03 -0000
itsec.eicp.net. A 123.120.104.93
count 1
first seen 2012-01-25 04:33:52 -0000
last seen 2012-01-25 04:33:52 -0000
itsec.eicp.net. A 123.120.105.159
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 52 of 71

count 5
first seen 2012-07-12 06:44:59 -0000
last seen 2012-07-12 09:29:59 -0000
itsec.eicp.net. A 123.120.106.70
count 3
first seen 2012-11-06 01:40:03 -0000
last seen 2012-11-06 03:40:05 -0000
itsec.eicp.net. A 123.120.106.92
count 32
first seen 2012-05-17 23:44:22 -0000
last seen 2012-05-18 03:42:27 -0000
itsec.eicp.net. A 123.120.106.139
count 40
first seen 2012-05-11 00:10:12 -0000
last seen 2012-05-14 10:04:49 -0000
itsec.eicp.net. A 123.120.106.234
count 1
first seen 2012-05-03 03:19:38 -0000
last seen 2012-05-03 03:19:38 -0000
itsec.eicp.net. A 123.120.107.6
count 3
first seen 2012-09-24 02:37:53 -0000
last seen 2012-09-24 02:40:06 -0000
itsec.eicp.net. A 123.120.107.63
count 51
first seen 2012-04-10 06:18:58 -0000
last seen 2012-04-10 09:54:24 -0000
itsec.eicp.net. A 123.120.107.82
count 30
first seen 2012-09-07 03:02:48 -0000
last seen 2012-09-07 04:29:57 -0000
itsec.eicp.net. A 123.120.107.130
count 5
first seen 2012-07-03 00:30:02 -0000
last seen 2012-07-03 03:15:01 -0000
itsec.eicp.net. A 123.120.107.173
count 41
first seen 2012-08-31 00:00:03 -0000
last seen 2012-08-31 00:44:18 -0000
itsec.eicp.net. A 123.120.107.211
count 29
first seen 2012-10-29 00:00:07 -0000
last seen 2012-10-29 23:20:07 -0000
itsec.eicp.net. A 123.120.108.2
count 3
first seen 2012-04-17 06:41:26 -0000
last seen 2012-04-17 06:43:28 -0000
itsec.eicp.net. A 123.120.108.46
count 10
first seen 2012-07-31 01:20:01 -0000
last seen 2012-07-31 06:20:01 -0000
itsec.eicp.net. A 123.120.108.71
count 3
first seen 2012-06-25 07:20:02 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 53 of 71

last seen 2012-06-25 08:20:02 -0000
itsec.eicp.net. A 123.120.108.75
count 4
first seen 2012-09-28 08:20:06 -0000
last seen 2012-09-28 12:20:06 -0000
itsec.eicp.net. A 123.120.108.98
count 162
first seen 2012-06-05 23:34:12 -0000
last seen 2012-06-06 08:49:11 -0000
itsec.eicp.net. A 123.120.108.147
count 2
first seen 2012-05-28 07:19:16 -0000
last seen 2012-05-28 08:49:16 -0000
itsec.eicp.net. A 123.120.108.176
count 51
first seen 2012-05-23 23:54:19 -0000
last seen 2012-05-24 04:20:30 -0000
itsec.eicp.net. A 123.120.108.180
count 74
first seen 2012-10-09 23:31:16 -0000
last seen 2012-10-10 04:45:37 -0000
itsec.eicp.net. A 123.120.108.212
count 2
first seen 2012-08-31 08:20:02 -0000
last seen 2012-08-31 10:00:03 -0000
itsec.eicp.net. A 123.120.108.245
count 43
first seen 2012-10-10 23:45:30 -0000
last seen 2012-10-11 00:45:40 -0000
itsec.eicp.net. A 123.120.109.88
count 13
first seen 2012-07-06 06:15:00 -0000
last seen 2012-07-06 12:00:00 -0000
itsec.eicp.net. A 123.120.109.150
count 2
first seen 2012-06-27 07:20:01 -0000
last seen 2012-06-27 09:20:01 -0000
itsec.eicp.net. A 123.120.109.158
count 5
first seen 2012-09-05 02:47:12 -0000
last seen 2012-09-05 04:00:10 -0000
itsec.eicp.net. A 123.120.110.4
count 3
first seen 2012-12-04 00:54:51 -0000
last seen 2012-12-04 01:40:20 -0000
itsec.eicp.net. A 123.120.110.25
count 1
first seen 2012-05-17 06:49:24 -0000
last seen 2012-05-17 06:49:24 -0000
itsec.eicp.net. A 123.120.110.49
count 2
first seen 2012-09-17 23:45:23 -0000
last seen 2012-09-17 23:54:30 -0000
itsec.eicp.net. A 123.120.110.52
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 54 of 71

count 1
first seen 2012-08-31 07:00:03 -0000
last seen 2012-08-31 07:00:03 -0000
itsec.eicp.net. A 123.120.110.78
count 9
first seen 2012-11-25 23:59:54 -0000
last seen 2012-11-26 10:19:54 -0000
itsec.eicp.net. A 123.120.110.172
count 6
first seen 2012-11-30 02:59:53 -0000
last seen 2012-11-30 08:39:54 -0000
itsec.eicp.net. A 123.120.110.212
count 5
first seen 2012-07-02 07:45:01 -0000
last seen 2012-07-02 08:30:03 -0000
itsec.eicp.net. A 123.120.110.233
count 11
first seen 2012-04-18 03:22:00 -0000
last seen 2012-04-18 03:53:05 -0000
itsec.eicp.net. A 123.120.111.168
count 9
first seen 2012-10-11 23:40:15 -0000
last seen 2012-10-12 02:59:31 -0000
itsec.eicp.net. A 123.120.111.201
count 6
first seen 2012-07-06 02:30:00 -0000
last seen 2012-07-06 06:00:00 -0000
itsec.eicp.net. A 123.120.112.147
count 1
first seen 2012-06-11 02:46:56 -0000
last seen 2012-06-11 02:46:56 -0000
itsec.eicp.net. A 123.120.112.180
count 102
first seen 2012-09-25 23:43:34 -0000
last seen 2012-09-26 02:47:11 -0000
itsec.eicp.net. A 123.120.112.218
count 10
first seen 2012-11-01 03:20:07 -0000
last seen 2012-11-01 14:40:10 -0000
itsec.eicp.net. A 123.120.113.17
count 7
first seen 2012-07-17 00:14:57 -0000
last seen 2012-07-17 03:14:58 -0000
itsec.eicp.net. A 123.120.113.45
count 155
first seen 2012-10-26 00:31:27 -0000
last seen 2012-10-26 02:55:06 -0000
itsec.eicp.net. A 123.120.113.120
count 9
first seen 2012-10-25 06:20:09 -0000
last seen 2012-10-25 09:20:09 -0000
itsec.eicp.net. A 123.120.113.245
count 27
first seen 2012-09-24 02:15:59 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 55 of 71

last seen 2012-09-24 02:36:38 -0000
itsec.eicp.net. A 123.120.113.251
count 10
first seen 2012-05-28 00:49:19 -0000
last seen 2012-05-28 06:04:50 -0000
itsec.eicp.net. A 123.120.114.46
count 108
first seen 2012-04-11 07:21:58 -0000
last seen 2012-04-11 13:45:41 -0000
itsec.eicp.net. A 123.120.114.90
count 2
first seen 2012-08-02 08:00:07 -0000
last seen 2012-08-02 09:40:02 -0000
itsec.eicp.net. A 123.120.114.185
count 18
first seen 2012-10-21 23:47:27 -0000
last seen 2012-10-22 10:40:11 -0000
itsec.eicp.net. A 123.120.114.207
count 75
first seen 2012-05-10 06:18:35 -0000
last seen 2012-05-10 09:19:15 -0000
itsec.eicp.net. A 123.120.114.208
count 4
first seen 2012-07-05 07:15:01 -0000
last seen 2012-07-05 08:45:00 -0000
itsec.eicp.net. A 123.120.114.228
count 1
first seen 2012-11-15 00:39:59 -0000
last seen 2012-11-15 00:39:59 -0000
itsec.eicp.net. A 123.120.114.242
count 85
first seen 2012-06-13 23:40:45 -0000
last seen 2012-06-14 04:18:43 -0000
itsec.eicp.net. A 123.120.115.194
count 1
first seen 2012-06-19 08:50:03 -0000
last seen 2012-06-19 08:50:03 -0000
itsec.eicp.net. A 123.120.115.210
count 5
first seen 2012-09-21 03:12:19 -0000
last seen 2012-09-21 04:40:07 -0000
itsec.eicp.net. A 123.120.116.52
count 10
first seen 2012-05-21 07:19:20 -0000
last seen 2012-12-04 13:00:19 -0000
itsec.eicp.net. A 123.120.116.95
count 17
first seen 2012-11-15 04:00:00 -0000
last seen 2012-11-15 22:59:58 -0000
itsec.eicp.net. A 123.120.116.168
count 180
first seen 2012-08-29 00:40:04 -0000
last seen 2012-08-29 06:27:10 -0000
itsec.eicp.net. A 123.120.116.181
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 56 of 71

count 13
first seen 2012-04-09 09:07:53 -0000
last seen 2012-04-09 09:49:46 -0000
itsec.eicp.net. A 123.120.116.185
count 1
first seen 2012-02-03 00:35:25 -0000
last seen 2012-02-03 00:35:25 -0000
itsec.eicp.net. A 123.120.117.47
count 1
first seen 2012-11-08 23:51:19 -0000
last seen 2012-11-08 23:51:19 -0000
itsec.eicp.net. A 123.120.117.74
count 16
first seen 2012-04-26 23:39:38 -0000
last seen 2012-04-27 02:49:36 -0000
itsec.eicp.net. A 123.120.117.83
count 38
first seen 2012-04-12 23:35:39 -0000
last seen 2012-04-13 02:31:53 -0000
itsec.eicp.net. A 123.120.117.100
count 9
first seen 2012-04-16 06:25:44 -0000
last seen 2012-04-16 06:48:33 -0000
itsec.eicp.net. A 123.120.117.189
count 3
first seen 2012-06-27 00:50:04 -0000
last seen 2012-06-27 02:20:40 -0000
itsec.eicp.net. A 123.120.117.214
count 64
first seen 2012-05-21 00:01:22 -0000
last seen 2012-05-21 05:51:13 -0000
itsec.eicp.net. A 123.120.118.98
count 5
first seen 2012-10-30 03:20:07 -0000
last seen 2012-10-30 05:00:08 -0000
itsec.eicp.net. A 123.120.118.101
count 2
first seen 2012-10-07 23:58:23 -0000
last seen 2012-10-07 23:58:23 -0000
itsec.eicp.net. A 123.120.118.107
count 1
first seen 2012-06-08 03:23:26 -0000
last seen 2012-06-08 03:23:26 -0000
itsec.eicp.net. A 123.120.118.127
count 14
first seen 2012-09-23 23:44:26 -0000
last seen 2012-09-23 23:57:00 -0000
itsec.eicp.net. A 123.120.118.132
count 1
first seen 2012-07-19 07:30:07 -0000
last seen 2012-07-19 07:30:07 -0000
itsec.eicp.net. A 123.120.118.139
count 38
first seen 2012-05-13 23:52:08 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 57 of 71

last seen 2012-05-14 03:42:16 -0000
itsec.eicp.net. A 123.120.118.155
count 397
first seen 2012-09-06 06:40:09 -0000
last seen 2012-09-07 03:02:32 -0000
itsec.eicp.net. A 123.120.118.180
count 4
first seen 2012-08-03 00:00:00 -0000
last seen 2012-08-03 02:40:00 -0000
itsec.eicp.net. A 123.120.118.225
count 5
first seen 2012-04-09 01:25:33 -0000
last seen 2012-04-09 01:44:01 -0000
itsec.eicp.net. A 123.120.119.41
count 1
first seen 2012-09-10 23:41:16 -0000
last seen 2012-09-10 23:41:16 -0000
itsec.eicp.net. A 123.120.119.62
count 9
first seen 2012-11-14 03:00:00 -0000
last seen 2012-11-14 11:59:59 -0000
itsec.eicp.net. A 123.120.119.82
count 1
first seen 2012-07-18 00:30:06 -0000
last seen 2012-07-18 00:30:06 -0000
itsec.eicp.net. A 123.120.119.128
count 0
first seen 2012-06-05 01:38:46 -0000
last seen 2012-06-05 01:38:46 -0000
itsec.eicp.net. A 123.120.119.144
count 11
first seen 2012-04-25 02:19:37 -0000
last seen 2012-04-25 09:38:57 -0000
itsec.eicp.net. A 123.120.120.3
count 10
first seen 2012-09-12 02:09:37 -0000
last seen 2012-09-12 03:46:55 -0000
itsec.eicp.net. A 123.120.120.35
count 32
first seen 2012-04-18 01:21:13 -0000
last seen 2012-04-18 03:19:42 -0000
itsec.eicp.net. A 123.120.120.79
count 1
first seen 2011-12-28 02:31:43 -0000
last seen 2011-12-28 02:31:43 -0000
itsec.eicp.net. A 123.120.120.82
count 1
first seen 2012-04-27 08:19:35 -0000
last seen 2012-04-27 08:19:35 -0000
itsec.eicp.net. A 123.120.120.86
count 276
first seen 2012-06-05 10:49:13 -0000
last seen 2012-06-05 23:32:56 -0000
itsec.eicp.net. A 123.120.120.154
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 58 of 71

count 16
first seen 2012-04-26 07:19:36 -0000
last seen 2012-11-07 12:40:03 -0000
itsec.eicp.net. A 123.120.120.174
count 5
first seen 2012-10-15 23:45:45 -0000
last seen 2012-10-16 00:59:19 -0000
itsec.eicp.net. A 123.120.120.235
count 6
first seen 2012-07-19 00:30:07 -0000
last seen 2012-07-19 05:30:07 -0000
itsec.eicp.net. A 123.120.120.252
count 9
first seen 2012-08-27 00:54:34 -0000
last seen 2012-08-27 03:40:04 -0000
itsec.eicp.net. A 123.120.121.6
count 3
first seen 2012-07-09 02:59:59 -0000
last seen 2012-07-09 03:59:59 -0000
itsec.eicp.net. A 123.120.121.51
count 62
first seen 2012-06-20 23:37:13 -0000
last seen 2012-06-21 03:37:11 -0000
itsec.eicp.net. A 123.120.121.53
count 1
first seen 2012-05-29 02:49:16 -0000
last seen 2012-05-29 02:49:16 -0000
itsec.eicp.net. A 123.120.121.56
count 4
first seen 2012-09-13 06:20:10 -0000
last seen 2012-09-13 09:00:10 -0000
itsec.eicp.net. A 123.120.121.80
count 10
first seen 2012-11-29 00:19:53 -0000
last seen 2012-11-29 08:39:53 -0000
itsec.eicp.net. A 123.120.121.149
count 1
first seen 2011-12-26 02:31:38 -0000
last seen 2011-12-26 02:31:38 -0000
itsec.eicp.net. A 123.120.121.164
count 29
first seen 2012-04-16 00:36:01 -0000
last seen 2012-04-16 04:19:43 -0000
itsec.eicp.net. A 123.120.122.3
count 35
first seen 2012-05-15 06:03:10 -0000
last seen 2012-05-15 09:43:28 -0000
itsec.eicp.net. A 123.120.122.46
count 4
first seen 2012-04-28 07:19:34 -0000
last seen 2012-04-28 08:14:00 -0000
itsec.eicp.net. A 123.120.122.88
count 43
first seen 2012-10-12 03:00:01 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 59 of 71

last seen 2012-10-12 03:37:02 -0000
itsec.eicp.net. A 123.120.122.102
count 5
first seen 2012-07-29 02:20:03 -0000
last seen 2012-07-29 06:40:01 -0000
itsec.eicp.net. A 123.120.122.118
count 4
first seen 2012-07-16 01:15:01 -0000
last seen 2012-07-16 03:29:59 -0000
itsec.eicp.net. A 123.120.122.141
count 117
first seen 2012-04-13 02:38:31 -0000
last seen 2012-04-13 11:23:26 -0000
itsec.eicp.net. A 123.120.122.146
count 5
first seen 2012-09-27 07:20:06 -0000
last seen 2012-09-27 09:00:07 -0000
itsec.eicp.net. A 123.120.122.158
count 5
first seen 2012-04-12 00:15:21 -0000
last seen 2012-04-12 00:24:19 -0000
itsec.eicp.net. A 123.120.122.201
count 9
first seen 2012-09-14 02:55:38 -0000
last seen 2012-09-14 03:40:10 -0000
itsec.eicp.net. A 123.120.123.46
count 24
first seen 2012-05-11 00:22:25 -0000
last seen 2012-05-11 03:48:51 -0000
itsec.eicp.net. A 123.120.123.82
count 4
first seen 2012-06-13 06:50:05 -0000
last seen 2012-06-13 11:10:29 -0000
itsec.eicp.net. A 123.120.123.125
count 61
first seen 2012-05-09 23:47:45 -0000
last seen 2012-05-10 02:58:23 -0000
itsec.eicp.net. A 123.120.123.184
count 21
first seen 2012-08-01 00:20:01 -0000
last seen 2012-08-01 07:20:01 -0000
itsec.eicp.net. A 123.120.123.186
count 1
first seen 2012-02-17 06:43:29 -0000
last seen 2012-02-17 06:43:29 -0000
itsec.eicp.net. A 123.120.123.229
count 29
first seen 2012-10-26 02:56:22 -0000
last seen 2012-10-26 04:16:22 -0000
itsec.eicp.net. A 123.120.124.16
count 1
first seen 2011-10-09 06:06:33 -0000
last seen 2011-10-09 06:06:33 -0000
itsec.eicp.net. A 123.120.124.33
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 60 of 71

count 4
first seen 2012-07-31 07:00:00 -0000
last seen 2012-07-31 09:20:01 -0000
itsec.eicp.net. A 123.120.124.41
count 3
first seen 2012-04-09 23:41:17 -0000
last seen 2012-04-09 23:49:46 -0000
itsec.eicp.net. A 123.120.124.43
count 2
first seen 2012-05-02 02:19:39 -0000
last seen 2012-05-02 02:49:37 -0000
itsec.eicp.net. A 123.120.124.55
count 5
first seen 2012-10-23 01:02:52 -0000
last seen 2012-10-23 04:40:09 -0000
itsec.eicp.net. A 123.120.124.74
count 35
first seen 2012-10-18 00:08:44 -0000
last seen 2012-10-18 10:13:14 -0000
itsec.eicp.net. A 123.120.124.149
count 2
first seen 2012-06-25 00:20:03 -0000
last seen 2012-06-25 00:50:03 -0000
itsec.eicp.net. A 123.120.124.165
count 4
first seen 2012-07-11 07:29:58 -0000
last seen 2012-07-11 08:29:59 -0000
itsec.eicp.net. A 123.120.124.168
count 10
first seen 2012-07-29 07:00:12 -0000
last seen 2012-07-29 12:20:02 -0000
itsec.eicp.net. A 123.120.124.197
count 6
first seen 2012-05-08 07:19:33 -0000
last seen 2012-05-08 09:49:33 -0000
itsec.eicp.net. A 123.120.125.4
count 5
first seen 2012-08-03 10:20:01 -0000
last seen 2012-08-03 13:19:59 -0000
itsec.eicp.net. A 123.120.125.156
count 12
first seen 2012-06-12 06:50:06 -0000
last seen 2012-06-12 13:50:05 -0000
itsec.eicp.net. A 123.120.125.225
count 10
first seen 2012-10-02 00:22:10 -0000
last seen 2012-10-02 03:43:44 -0000
itsec.eicp.net. A 123.120.125.226
count 53
first seen 2012-04-17 06:47:00 -0000
last seen 2012-04-17 09:19:42 -0000
itsec.eicp.net. A 123.120.125.245
count 35
first seen 2012-04-09 23:57:04 -0000
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 61 of 71

last seen 2012-04-10 03:32:06 -0000
itsec.eicp.net. A 123.120.126.23
count 4
first seen 2012-07-27 00:20:02 -0000
last seen 2012-07-27 03:40:02 -0000
itsec.eicp.net. A 123.120.126.56
count 17
first seen 2012-05-17 07:58:47 -0000
last seen 2012-05-17 09:49:23 -0000
itsec.eicp.net. A 123.120.126.60
count 6
first seen 2012-06-29 00:50:00 -0000
last seen 2012-06-29 03:50:00 -0000
itsec.eicp.net. A 123.120.126.86
count 41
first seen 2012-04-27 23:35:11 -0000
last seen 2012-04-28 02:19:35 -0000
itsec.eicp.net. A 123.120.126.103
count 16
first seen 2012-10-31 02:20:09 -0000
last seen 2012-10-31 08:20:07 -0000
itsec.eicp.net. A 123.120.126.116
count 13
first seen 2012-11-04 23:57:18 -0000
last seen 2012-11-05 10:40:04 -0000
itsec.eicp.net. A 123.120.126.127
count 159
first seen 2012-09-21 00:49:28 -0000
last seen 2012-09-21 03:11:04 -0000
itsec.eicp.net. A 123.120.126.139
count 14
first seen 2012-11-22 00:39:57 -0000
last seen 2012-11-22 07:39:55 -0000
itsec.eicp.net. A 123.120.126.140
count 3
first seen 2012-07-27 07:40:02 -0000
last seen 2012-07-27 10:00:03 -0000
itsec.eicp.net. A 123.120.126.163
count 33
first seen 2012-04-23 00:49:38 -0000
last seen 2012-04-23 15:03:53 -0000
itsec.eicp.net. A 123.120.126.186
count 5
first seen 2012-09-20 07:40:08 -0000
last seen 2012-09-20 13:40:07 -0000
itsec.eicp.net. A 123.120.126.225
count 48
first seen 2012-06-15 01:20:03 -0000
last seen 2012-06-15 04:20:03 -0000
itsec.eicp.net. A 123.120.127.23
count 5
first seen 2012-11-12 00:00:01 -0000
last seen 2012-11-12 06:40:00 -0000
itsec.eicp.net. A 123.120.127.59
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 62 of 71

count 1
first seen 2012-05-25 09:19:18 -0000
last seen 2012-05-25 09:19:18 -0000
itsec.eicp.net. A 123.120.127.87
count 2
first seen 2012-08-02 00:20:03 -0000
last seen 2012-08-02 03:20:03 -0000
itsec.eicp.net. A 123.120.127.143
count 82
first seen 2012-11-28 00:19:54 -0000
last seen 2012-11-28 23:39:54 -0000
itsec.eicp.net. A 123.120.127.160
count 9
first seen 2012-11-20 23:59:56 -0000
last seen 2012-11-21 09:39:56 -0000
itsec.eicp.net. A 123.120.127.210
count 44
first seen 2012-04-11 00:51:02 -0000
last seen 2012-04-11 09:14:49 -0000
itsec.eicp.net. A 204.16.193.12
count 1677
first seen 2011-09-01 01:38:29 -0000
last seen 2012-12-04 05:00:22 -0000
itsec.eicp.net. A 209.11.241.144
The Windows pcap has October 2012 timestamps due to wrong time / date in the sandbox vm, please disregard, it is actually
Nov.30, 2012. 
File: file.tmp
Size: 61435
MD5:  C3432C1BBDF17EBAF1E10392CF630847 
KERNEL32.DLL
Button
Allow
Identity Protection
Allow for all
AVG Firewall Asks for Confirmation
Load
Software\Microsoft\Windows\CurrentVersion\Run
0x1A7B4C9F
CorExitProcess
mscoree.dll
runtime error 
TLOSS error
SING error
DOMAIN error
R6033
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native
constructor or from DllMain.
R6032
- not enough space for locale information
R6031
- Attempt to initialize the CRT more than once.
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 63 of 71

This indicates a bug in your application.
R6030
- CRT not initialized
R6028
- unable to initialize heap
R6027
- not enough space for lowio initialization
R6026
- not enough space for stdio initialization
R6025
- pure virtual function call
R6024
- not enough space for _onexit/atexit table
R6019
- unable to open console device
R6018
- unexpected heap error
R6017
- unexpected multithread lock error
R6016
- not enough space for thread data
R6010
- abort() has been called
R6009
- not enough space for environment
R6008
- not enough space for arguments
R6002
- floating point support not loaded
8j@
@i@
@h@
xg@
(g@
Hf@
xb@
\b@
@b@
8b@
@Microsoft Visual C++ Runtime Library
...
<program name unknown>
Runtime Error!
Program: 
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
USER32.DLL
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
July
June
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 64 of 71

April
March
February
January
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
Sat
Fri
Thu
Wed
Tue
Mon
Sun
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
July
June
April
March
February
January
Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
Sat
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 65 of 71

Fri
Thu
Wed
Tue
Mon
Sun
         (((((                  H
         h((((                  H
                                 H
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?
@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
"/@
&/@
a6@
)@@
qH@
lstrlenA
VirtualFree
ReadFile
SetFilePointer
GetFileSize
CreateFileA
CloseHandle
GetLastError
CreateMutexA
KERNEL32.dll
GetCommandLineA
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
WideCharToMultiByte
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 66 of 71

EnterCriticalSection
LoadLibraryW
HeapFree
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
HeapAlloc
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
|p@
tp@
lp@
`p@
Tp@
Lp@
@p@
<p@
8p@
4p@
0p@
,p@
(p@
$p@
 p@
,p@
to@
lo@
do@
\o@
To@
Lo@
Do@
<o@
,o@
xn@
pn@
hn@
`n@
Pn@
<n@
0n@
$n@
dm@
Pm@
(v@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 67 of 71

</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
1*151@1K1U1Z1k1v1
2 2?2E2{2
3!3@3F3
4#4/4;4C4L4Y4g4w4
555<5I5j5w5
5&6?6]6q6
607
8Z8_8i8
8*90969<9B9H9O9V9]9d9k9r9y9
:1;7;D;J;S;Z;|;
<.<8<=<Y<c<y<
=A=H=b=i=
=6>I>[>
>/?<?Q?
2 2*2;2F2
4%4*404
425>5X5~5
6V6`6
7'7U7x7~7
8!8-838;8A8M8S8`8j8p8z8
9G9M9S9i9
9!:D:N:
; ;(;/;4;<;E;Q;V;[;a;e;k;p;v;{;
<5<Y<e<q<
=N>h>
?<?B?G?S?Z?d?v?
0@0
1#1R1X1`1
2r2{2
3'393
4#404n4u4
5;5N5U5]5
6.6
6H7M7_7}7
9&9/9:9?9H9R9]9
< <
=C=L=X=
>$>
0_0g0|0
1A1x1
102M2
3$3
4%4A4J4P4Y4^4m4
4M5
506
6G7u7
8Q8
9::l:
; ;$;(;,;0;z;
<$<(<,<M<w<
= =$=(=
>#>
?$?0?g?
{0K1
2l6~6
7"747F7X7j7|7
7A8M8
8n:
;$;,;4;<;D;
8$9(9H9h9t9
:4:8:X:x:
3H7H8L8P8T8X8\8`8d8h8l8p8t8x8|8
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 68 of 71

9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
:(:8:H:l:x:|:
u{}r
ffhfffofff
effKfffHbffGfff=bff2
ffffffgfff
WPH
ffffff
ffffffffffff
ffffffffffff
ffffffffff
Qffffffffffff
ffffffff
ffffffff:"
fffffffffffffffffffffffffffffffffffffffffffffffffffff
\RRUffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffV\^VffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffV\
fffffffffffffO
oXZ
4XY
,Sc
ff!
!fOff
ffFf
!fOffa
ff%f
!fOff
!fOff>
ff4e
!fOff
!fOff
ff.fp
fOf
T#xY
;FC
.]km
pB!3
2_ws
M32crsvadt
piva
u32r3semp2
f,Z
fqq
Iff
q2.
fqff
qnIq
qvw
q*Iq
f{r
XZY5A
gl]
gsY
Vj9
23016A45boB
.iot
oniinptpt
f,f
f,f
pV,
n[/g
YogjY
gs]
SARTWMiE\oscrt\ofndWis\owrrCutVensier\Ionerntt nettSegsinro
PEnxyleabro
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 69 of 71

PSexyerrvtt
Z[XYFGDE
HINO
23016745:;89>
!&'$%*S()VWTUBC@A^_\]bc`afgdejkh
nstlm
qupz
BC@AFGDEJK"INOLMR
!# H&'$%*+().0,-3/126745:;89>
VWTU
[XZ
\]bc
hiopmnstqrwxuv
 !"%
<()&',.*+-1/052348967$>:#AB
?DF@C
*j=
*j=
*j=
*j=
*j=
,e5
f,f
f,f
8f,
f,f
f,f
f,f
M_C
atreogeLreTh
Q`y
_!$
Ya^3r
rnke32elll.dni
IaltieCiztirilScatiec
IZ!f
gnY
gsY/g
[n]gi
gl]
/In
rnke32elll.dni
IaltieCiztirilScatiec
onu
K nh
K nh
[nh
{a_
{Y<
cIvGJe
nlwionogxe.eIN
WGOLOEXN.sfE
dlc.sfl
osc_ll.dRQ
Yhj2
CYZ_^
VWRQ
rttaSY %EMSTOTROsy%\emst
C321.:\t
ba67cdBCB1
hVj
Ph3
Pjj
3VW
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 70 of 71

G f0f
PA3
e@H
:VWj
^Y]_
0dg@
t2P
3P3
4CX
j=A
V67
OdV
i3gddl2.Crl
teeaA
DCtDGeicevapeCCrs
teeampCoibatDClere
CeCatpaombltiiteBp
maleSeObctctjeit
BltOGeecbj
GtAStetkOocecbjSet
ctlelePae
ttalReePizetal
GteDIettsBiel
DeOetecbjDet
tele
DDCPLIS
WAYStin
Da0auef
Q!Jy
,},y
f,f,
f,f
f,f,
YnzKX
!,I
!,]
%,Q
%,m
_3s2dl2.wil
ownddls.nol
e0isat.dub
sdas.ret
.dgs
satr.sgt
dandwis.onl
dlplexerorxe.etf
cn.moe
exnwwim.ore
ff1da
a<f
a<f
e=f
a=f
Source: http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html
Page 71 of 71