BotHunter ®
  Cyber-TA Internet Release
  Computer Science Laboratory
  SRI International


  SAMPLE NAME:    Nachi_botHunter.txt
  Last Updated: Tue Dec 29 11:44:49 2009
BOTHUNTER LOGO
www.BOTHUNTER.net


Victim IP
 		Max Score
 		Profiles
 		CCs
 		Events
192.168.1.102
 2.1 VIEW 1
  • 210.245.211.11 Country: Iraq (Iq), City: Bagdad.
  • 1:299913 {tcp} Inbound Attack: SHELLCODE x86 0x90 unicode NOOP; 135<-1292
  • 1:3000003 {tcp} Egg Download: BotHunter HTTP-based .exe Upload on backdoor port; 1035->80
  • 1:1444 (2) {udp} Egg Download: TFTP GET from external source; 1028->69
  • 1:2008120 (2) {udp} Egg Download: ET POLICY Outbound TFTP Read Request; 1028->69
  • 1:3001441 (2) {udp} Egg Download: TFTP GET .exe from external source; 1028->69
  • 1:52123 {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 1027->707