BotHunter ®
  Cyber-TA Internet Release
  Computer Science Laboratory
  SRI International


  SAMPLE NAME:    Cheburgen.A_botHunter.txt
  Last Updated: Tue Dec 29 11:44:46 2009
www.BOTHUNTER.net


Victim IP: 192.168.1.41
Max Score: 2.6
Profiles: VIEW 2
CCs:
  • 210.245.211.11 Country: Iraq (Iq), City: Bagdad.
Events:
  • 1:299913 {tcp} Inbound Attack: SHELLCODE x86 0x90 unicode NOOP; 135<-3083
  • 1:1444 (3) {udp} Egg Download: TFTP GET from external source; 1029->69
  • 1:2008120 (3) {udp} Egg Download: ET POLICY Outbound TFTP Read Request; 1029->69
  • 1:3001441 (3) {udp} Egg Download: TFTP GET .exe from external source; 1029->69
  • 1:2003603 {tcp} C&C Communication: ET TROJAN W32.Virut.A joining an IRC Channel; 1032->65520
  • 1:52123 {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 1027->707
  • 1:3000014 {tcp} Bot Space Access: BotHunter Known Command and Control Server (International); 1032->65520