BotHunter Daily Analysis Index

BotHunter ®
Cyber-TA Internet Release
Computer Science Laboratory
SRI International

SAMPLE NAME: Rbot.Klone_botHunter.txt
Last Updated: Tue Dec 29 13:38:33 2009

www.BOTHUNTER.net

Victim IP	Max Score	Profiles	CCs	Events
192.168.1.149	1.6	VIEW 6	63.173.172.98 Country: Yemen (Ye), City: Sanaa.	1:21390 (2) {tcp} Inbound Attack: REGISTERED FREE SHELLCODE x86 inc ebx NOOP; 139<-2433 1:299998 (2) {tcp} Inbound Attack: SHELLCODE x86 inc ebx NOOP; 139<-2433 1:2001683 {tcp} Egg Download: BLEEDING-EDGE Malware Windows executable sent from remote host; 68<-2676 1:3000005 {tcp} Egg Download: BotHunter MALWARE executable upload; 139<-2433 1:5001684 {tcp} Egg Download: BotHunter Malware Windows executable (PE) sent from remote host; 68<-2676 1:2404008 (2) {tcp} Bot Space Access: ET DROP Known Bot C&C Server Traffic (group 9) ; 1029->6667 1:2404008 (2) {tcp} Bot Space Access: ET DROP Known Bot C&C Server Traffic (group 9) ; 1036->6667 1:3000014 (2) {tcp} Bot Space Access: BotHunter Known Command and Control Server (International); 1036->6667 1:2404008 {tcp} Bot Space Access: ET DROP Known Bot C&C Server Traffic (group 9) ; 1036->6667