BotHunter ®
  Cyber-TA Internet Release
  Computer Science Laboratory
  SRI International


  SAMPLE NAME:    Torpig_botHunter.txt
  Last Updated: Mon Jan 4 23:04:42 2010
www.BOTHUNTER.net


Victim IP: 192.168.1.135
Max Score: 0.8
Profiles: 30
CCs:
  • 72.51.43.97 (San4.Ehmalstalling.Com), Country: United States (Us), City: Los Angeles, Ca.
  • 115.124.108.153 Country: United States (Us), City: San Jose, Ca.
  • 74.125.19.103 (Nuq04s01-In-F103.1e100.Net), Country: United States (Us), City: Macedonia, Oh.
  • 74.125.19.105 (Nuq04s01-In-F105.1e100.Net), Country: United States (Us), City: Macedonia, Oh.
  • 74.125.19.147 (Nuq04s01-In-F147.1e100.Net), Country: United States (Us), City: Macedonia, Oh.
Events:
  • 1:2008660 {tcp} C&C Communication: ET TROJAN Torpig Infection Reporting, ; 19513->80
  • 777:7777005 {udp} Outbound Scan: Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=783/0/3/0): 53u:783, 843:3
  • 1:2008660 {tcp} C&C Communication: ET TROJAN Torpig Infection Reporting, ; 19514->80
  • 1:2008660 {tcp} C&C Communication: ET TROJAN Torpig Infection Reporting, ; 19524->80
  • 777:7777005 (2) {udp} Outbound Scan: Detected intense non-malware port scanning of 26 IPs (26 /24s) (# pkts S/M/O/I=817/0/3/0): 53u:817, 843:3
  • 1:2008660 {tcp} C&C Communication: ET TROJAN Torpig Infection Reporting, ; 43609->80
  • 777:7777005 {udp} Outbound Scan: Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=125/0/0/0): 53u:125
  • 1:2008660 {tcp} C&C Communication: ET TROJAN Torpig Infection Reporting, ; 41489->80
  • 777:7777005 {udp} Outbound Scan: Detected intense non-malware port scanning of 21 IPs (21 /24s) (# pkts S/M/O/I=165/0/0/0): 53u:165
  • 1:2008660 {tcp} C&C Communication: ET TROJAN Torpig Infection Reporting, ; 13014->80
  • 777:7777005 (2) {udp} Outbound Scan: Detected intense non-malware port scanning of 24 IPs (24 /24s) (# pkts S/M/O/I=1176/0/11/0): 53u:1176, 43939:2, 843:3, 8080:6
  • 1:2008660 {tcp} C&C Communication: ET TROJAN Torpig Infection Reporting, ; 13019->80
  • 1:2008660 {tcp} C&C Communication: ET TROJAN Torpig Infection Reporting, ; 13071->80
  • 1:2008660 {tcp} C&C Communication: ET TROJAN Torpig Infection Reporting, ; 13096->80
  • 1:2008660 {tcp} C&C Communication: ET TROJAN Torpig Infection Reporting, ; 13106->80