BotHunter Daily Analysis Index

BotHunter ®
Cyber-TA Internet Release
Computer Science Laboratory
SRI International

SAMPLE NAME: Adload-Trojan.bp_botHunter.txt
Last Updated: Tue Dec 29 13:38:00 2009

www.BOTHUNTER.net

Victim IP	Max Score	Profiles	CCs	Events
192.168.71.198	2.8	VIEW 1	72.232.195.26 (26.195.232.72.Static.Reverse.Ltdomains.Com), Country: United States (Us), City: Plano, Tx. 72.233.60.106 (106.60.233.72.Static.Reverse.Ltdomains.Com), Country: (Unknown Country?) City: (Unknown City?). 208.72.168.191 Country: United States (Us), City: Newark, De.	1:2003380 {tcp} Egg Download: ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (ver18/ver19, etc); 3016->80 1:2001683 (4) {tcp} Egg Download: BLEEDING-EDGE Malware Windows executable sent from remote host; 3009<-80 1:2003380 (9) {tcp} Egg Download: ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (ver18/ver19, etc); 3007->80 1:5001684 {tcp} Egg Download: BotHunter Malware Windows executable (PE) sent from remote host; 3013<-80 1:2005320 {tcp} C&C Communication: ET MALWARE Suspicious User-Agent (MyAgent); 3063->80 1:2008399 {tcp} C&C Communication: ET TROJAN contacy.info Trojan Checkin (User agent clk_jdfhid); 3023->80