BotHunter ®
  Cyber-TA Internet Release
  Computer Science Laboratory
  SRI International


  SAMPLE NAME:    Kolab_botHunter.txt
  Last Updated: Mon Dec 28 21:15:14 2009
www.BOTHUNTER.net


Victim IP: 192.169.223.128
Max Score: 2.9
Profiles: VIEW 1
CCs:
  • 130.67.20.57 (Ti100710a140-0309.Dialup.Online.No), Country: Norway (No), City: Lillehammer.
Events:
  • 1:22000346 {tcp} Inbound Attack: ET ATTACK RESPONSE IRC - Name response on non-std port MAC_Dst: 00:30:48:30:03:AE; 1032<-3305
  • 1:2000419 {tcp} Egg Download: ET POLICY PE EXE or DLL Windows file download; 68<-2094
  • 1:3300001 {tcp} Egg Download: BotHunter Scrip-based Windows egg download .exe; 1130->1889
  • 1:3300007 {tcp} Egg Download: BotHunter Malware Windows executable (PE) sent from remote host; 68<-2094
  • 777:7777005 {tcp} Outbound Scan: Detected moderate malware port scanning of 11 IPs (11 /24s) (# pkts S/M/O/I=0/9/8/0): 445:9
  • 1:552123 {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 1130->1889