I use Afterglow to process Nepenthes' logged_submission[1] logs. I needed to see how many hosts are associated with the same malicious binary. So the graph above one can see attacking hosts (green), a host that is hosting the malware (grey) and the binary that gets pulled from it (blue).
While I'm at this I might as well mention that I made the graph above a couple of days before meeting Mr. Marty at a conf in Indonesia :-)
[1] A typical logged_submission logs look like this:
[2007-03-29T17:22:47] 172.16.0.100 -> 172.16.0.10 tftp://172.16.0.100:69/teekids.exe 7097c55ee0535457025dd158bb1988bb