BotHunter Daily Analysis Index

BotHunter ®
Cyber-TA Internet Release
Computer Science Laboratory
SRI International

SAMPLE NAME: Mytob_botHunter.txt
Last Updated: Mon Dec 28 21:16:07 2009

www.BOTHUNTER.net

Victim IP	Max Score	Profiles	CCs	Events
192.168.71.136	2.3	VIEW 1	65.98.34.74 Country: United States (Us), City: (Unknown City). 81.95.149.235 (Eb.95.5f51.Static.Theplanet.Com), Country: Romania (Ro), City: Iasi.	1:2003427 {tcp} C&C Communication: ET WORM Bagle Worm User-Agent (DEBUT.TMP); 3011->80 777:7777005 (2) {tcp} Outbound Scan: Detected moderate malware port scanning of 9 IPs (6 /24s) (# pkts S/M/O/I=9/16/4/6): 137u:16 1:2600040 {udp} Attack Prep: SPYWARE-DNS DNS lookup 3 chars (.by); 1027->53 1:2600129 {udp} Attack Prep: SPYWARE-DNS DNS lookup 3 chars (.com); 1027->53 1:2406000 {tcp} Bot Space Access: ET rbN Known Russian Business Network Traffic - Hosting Nets; 3009->80 1:2406030 {tcp} Bot Space Access: ET RBN Known Russian Business Network Monitored Domains (26); 3009->80