Infected Target: 192.168.184.128
Score: 1.0 (>= 0.8)
Infector List:
Egg Source List:
C & C List: 207.10.232.21, 66.29.58.119, 69.41.162.77
Peer Coord. List:
Resource List:
Observed Start: 06/10/2008 21:47:12.710 PDT
Gen. Time: 06/10/2008 21:51:53.320 PDT

  INBOUND SCAN
  EXPLOIT
  EXPLOIT (slade)
  EGG DOWNLOAD
  C and C TRAFFIC
    207.10.232.21 (21:49:08.085 PDT)
      event=1:2008104 {udp} E4[rb] ET TROJAN Bobax/Kraken/Oderoor UDP 447 CnC Channel Initial Packet Outbound 1043->447 (21:49:08.085 PDT)
    66.29.58.119 (21:49:58.874 PDT)
      event=1:2008104 {udp} E4[rb] ET TROJAN Bobax/Kraken/Oderoor UDP 447 CnC Channel Initial Packet Outbound 1047->447 (21:49:58.874 PDT)
    69.41.162.77 (21:50:49.955 PDT)
      event=1:2008104 {udp} E4[rb] ET TROJAN Bobax/Kraken/Oderoor UDP 447 CnC Channel Initial Packet Outbound 1051->447 (21:50:49.955 PDT)
  PEER COORDINATION
  OUTBOUND SCAN
    192.168.184.2 (4) (21:47:12.710 PDT)
      event=777:7777005 (4) {tcp} E5[bh] Detected moderate malware port scanning of 9 IPs (6 /24s) (# pkts S/M/O/I=1/57/12/4): 137u:47, 138u:10 0->0 (21:47:12.710 PDT)
      0->0 (21:48:43.297 PDT)
      0->0 (21:50:17.530 PDT)
      0->0 (21:51:53.320 PDT)
  ATTACK PREP
  DECLARE BOT

tcpslice 1213159632.710 1213159632.711 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.184.128'
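The profile above is a BotHunter infection report: header fields, one section per dialog stage (E1 inbound scan through E5 outbound scan), the Snort-style events that fired, and a tcpslice/tcpdump command whose epoch times correspond to the Observed Start stamp. The following script is an added example, not BotHunter's own code, that parses the profile, recovers the evidence stages (here E4 C and C traffic and E5 outbound scan, with no E1 to E3 evidence), and regenerates the extraction command. It assumes PDT is UTC-07:00 (the report prints a zone name, not an offset), and it applies the bot declaration rule from the BotHunter paper (Gu et al., USENIX Security 2007) as I recall it: a local exploit (E2) plus at least one outward sign (E3 to E5), or at least two distinct outward signs. The profile text is a copy of the report above, embedded so the script runs offline.

```python
"""Parse a BotHunter infection profile and regenerate its pcap-extraction command."""
import re
from datetime import datetime, timedelta, timezone

# Copy of the profile above, embedded so the script runs without the original file.
PROFILE = """\
Infected Target: 192.168.184.128
Score: 1.0 (>= 0.8)
Infector List:
Egg Source List:
C & C List: 207.10.232.21, 66.29.58.119, 69.41.162.77
Peer Coord. List:
Resource List:
Observed Start: 06/10/2008 21:47:12.710 PDT
Gen. Time: 06/10/2008 21:51:53.320 PDT
  C and C TRAFFIC
    207.10.232.21 (21:49:08.085 PDT)
      event=1:2008104 {udp} E4[rb] ET TROJAN Bobax/Kraken/Oderoor UDP 447 CnC Channel Initial Packet Outbound 1043->447 (21:49:08.085 PDT)
    66.29.58.119 (21:49:58.874 PDT)
      event=1:2008104 {udp} E4[rb] ET TROJAN Bobax/Kraken/Oderoor UDP 447 CnC Channel Initial Packet Outbound 1047->447 (21:49:58.874 PDT)
    69.41.162.77 (21:50:49.955 PDT)
      event=1:2008104 {udp} E4[rb] ET TROJAN Bobax/Kraken/Oderoor UDP 447 CnC Channel Initial Packet Outbound 1051->447 (21:50:49.955 PDT)
  OUTBOUND SCAN
    192.168.184.2 (4) (21:47:12.710 PDT)
      event=777:7777005 (4) {tcp} E5[bh] Detected moderate malware port scanning of 9 IPs (6 /24s) (# pkts S/M/O/I=1/57/12/4): 137u:47, 138u:10 0->0 (21:47:12.710 PDT)
      0->0 (21:48:43.297 PDT)
      0->0 (21:50:17.530 PDT)
      0->0 (21:51:53.320 PDT)
  DECLARE BOT
"""

# Assumption: the zone names map to fixed offsets; BotHunter prints the name only.
TZ_OFFSETS = {"PDT": timezone(timedelta(hours=-7)), "PST": timezone(timedelta(hours=-8))}

# One event line: sid, optional repeat count, protocol, dialog stage, detector, message,
# source->destination port, timestamp.
EVENT_RE = re.compile(
    r"event=(?P<sid>\d+:\d+)(?: \(\d+\))? \{(?P<proto>\w+)\} "
    r"E(?P<stage>\d)\[(?P<det>\w+)\] (?P<msg>.*?) "
    r"(?P<sport>\d+)->(?P<dport>\d+) \((?P<time>[\d:.]+ \w+)\)"
)


def to_epoch(stamp):
    """'06/10/2008 21:47:12.710 PDT' -> '1213159632.710' (the format tcpslice takes)."""
    date_time, zone = stamp.rsplit(" ", 1)
    dt = datetime.strptime(date_time, "%m/%d/%Y %H:%M:%S.%f")
    return f"{dt.replace(tzinfo=TZ_OFFSETS[zone]).timestamp():.3f}"


def header_field(text, key):
    """Value of a 'Key: value' header line, or '' when the list is empty."""
    m = re.search(rf"^{re.escape(key)}:\s*(.*)$", text, re.M)
    return m.group(1).strip() if m else ""


def parse_profile(text):
    score_line = header_field(text, "Score")  # e.g. '1.0 (>= 0.8)'
    profile = {
        "target": header_field(text, "Infected Target"),
        "score": float(re.match(r"[\d.]+", score_line).group()),
        "threshold": float(re.search(r">=\s*([\d.]+)", score_line).group(1)),
        "cnc": [h for h in re.split(r",\s*", header_field(text, "C & C List")) if h],
        "start": header_field(text, "Observed Start"),
        "gen_time": header_field(text, "Gen. Time"),
        "events": [m.groupdict() for m in EVENT_RE.finditer(text)],
    }
    profile["stages"] = sorted({int(e["stage"]) for e in profile["events"]})
    return profile


def bot_declared(profile):
    """Dialog rule as recalled from the BotHunter paper: E2 plus one of E3-E5, or two
    distinct outward signs (E3-E5); the score must also reach the printed threshold."""
    stages = set(profile["stages"])
    outward = stages & {3, 4, 5}
    dialog_ok = (2 in stages and len(outward) >= 1) or len(outward) >= 2
    return dialog_ok and profile["score"] >= profile["threshold"]


def tcpslice_command(profile, infile="inputFile.tcpd", outfile="outputFile.tcpd", window=None):
    """Rebuild the extraction command. window=None slices from Observed Start to
    Gen. Time (the whole dialog); window=0.001 reproduces the report's 1 ms slice."""
    start = to_epoch(profile["start"])
    end = to_epoch(profile["gen_time"]) if window is None else f"{float(start) + window:.3f}"
    return f"tcpslice {start} {end} {infile} | tcpdump -r - -w {outfile} 'host {profile['target']}'"


if __name__ == "__main__":
    p = parse_profile(PROFILE)
    print("C&C hosts:", p["cnc"], "stages seen:", p["stages"], "declared:", bot_declared(p))
    print(tcpslice_command(p))
```

The report's own command slices only one millisecond at Observed Start, which is enough to locate the first scan packet but not the C and C exchanges that follow; the default window here runs to Gen. Time so that the three UDP/447 sessions and the NetBIOS (137/138) scanning land in the extracted capture.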