BotHunter Daily Analysis Index

BotHunter ®
Cyber-TA Internet Release
Computer Science Laboratory
SRI International

SAMPLE NAME: Gobot_botHunter.txt
Last Updated: Tue Dec 29 11:44:47 2009

www.BOTHUNTER.net

Victim IP	Max Score	Profiles	CCs	Events
192.168.184.132	1.3	VIEW 1	180.134.98.84 Country: (Unknown Country?) City: (Unknown City?).	1:2002973 {tcp} Outbound Attack: BLEEDING-EDGE Behavioral Unusual Port 3127 traffic, Potential Scan or Backdoor; 1295->3127 1:2002973 {tcp} Outbound Attack: BLEEDING-EDGE Behavioral Unusual Port 3127 traffic, Potential Scan or Backdoor; 1049->3127 1:2002973 {tcp} Outbound Attack: BLEEDING-EDGE Behavioral Unusual Port 3127 traffic, Potential Scan or Backdoor; 1233->3127 1:2002973 {tcp} Outbound Attack: BLEEDING-EDGE Behavioral Unusual Port 3127 traffic, Potential Scan or Backdoor; 1099->3127 777:7777005 {tcp} Outbound Scan: Detected moderate malware port scanning of 9 IPs (7 /24s) (# pkts S/M/O/I=1/45/8/4): 137u:35, 138u:10 1:2002973 {tcp} Outbound Attack: BLEEDING-EDGE Behavioral Unusual Port 3127 traffic, Potential Scan or Backdoor; 1168->3127