BotHunter Daily Analysis Index

BotHunter ®
Cyber-TA Internet Release
Computer Science Laboratory
SRI International

SAMPLE NAME: IRCBot.ABHQ_botHunter.txt
Last Updated: Tue Dec 29 11:44:48 2009

www.BOTHUNTER.net

Victim IP	Max Score	Profiles	CCs	Events
192.168.71.196	1.8	VIEW 1	221.6.6.232 Country: China (Cn), City: (Unknown City).	1:2000355 {tcp} C&C Communication: ET POLICY IRC authorization message; 3008<-81 1:2008124 {tcp} C&C Communication: ET TROJAN Likely Bot Nick in IRC (USA +..); 3008->81 1:2600100 {udp} Attack Prep: SPYWARE-DNS DNS lookup 10 chars (.com); 1026->53 1:2404006 (3) {tcp} Bot Space Access: ET DROP Known Bot C&C Server Traffic (group 7) ; 3008->81