Infected Target: 192.168.184.129
Score: 1.3 (>= 0.8)
Infector List:
Egg Source List:
C & C List:
Peer Coord. List:
Resource List:
Observed Start: 06/12/2008 21:44:42.675 PDT
Gen. Time: 06/12/2008 21:48:45.669 PDT

INBOUND SCAN
EXPLOIT
EXPLOIT (slade)
EGG DOWNLOAD
C and C TRAFFIC
PEER COORDINATION
OUTBOUND SCAN
  192.168.184.2 (2) (21:45:42.695 PDT)
  event=777:7777005 (2) {tcp} E5[bh] Detected moderate malware port scanning of 9 IPs (7 /24s) (# pkts S/M/O/I=1/72/17/4): 137u:58, 138u:14
    0->0 (21:45:42.695 PDT)
    0->0 (21:47:22.735 PDT)
ATTACK PREP
DECLARE BOT
  24.58.101.166 (21:46:44.954 PDT)
  event=1:3000012 {tcp} E8[rb] BotHunter Nugache Server Communications)
    1037->8 (21:46:44.954 PDT)
  69.141.98.226 (21:44:42.675 PDT)
  event=1:3000012 {tcp} E8[rb] BotHunter Nugache Server Communications)
    1031->8 (21:44:42.675 PDT)
  24.217.137.235 (21:48:45.669 PDT)
  event=1:3000012 {tcp} E8[rb] BotHunter Nugache Server Communications)
    1043->8 (21:48:45.669 PDT)

tcpslice 1213332282.675 1213332282.676 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.184.129'