BotHunter ®
  Cyber-TA Internet Release
  Computer Science Laboratory
  SRI International


  SAMPLE NAME:    Virtool.DelfInject.T_botHunter.txt
  Last Updated: Tue Dec 29 11:45:18 2009
www.BOTHUNTER.net


Victim IP:   192.168.1.166
Max Score:   2.3
CCs:         2
Events:      7

Command-and-control servers (CCs):
  • 194.90.224.86 Country: Israel (IL), City: (Unknown City).
  • 210.245.211.11 Country: Iraq (IQ), City: Baghdad.

Events (generator:signature id, repeat count in parentheses, {protocol}, dialog stage: rule message; victim port <- or -> remote port):
  • 1:21390 (2) {tcp} Inbound Attack: REGISTERED FREE SHELLCODE x86 inc ebx NOOP; 445<-1170
  • 1:22001944 {tcp} Inbound Attack: BLEEDING-EDGE EXPLOIT MS04-007 Kill-Bill ASN1 exploit attempt; 445<-1170
  • 1:299998 (2) {tcp} Inbound Attack: SHELLCODE x86 inc ebx NOOP; 445<-1170
  • 1:3000003 (2) {tcp} Egg Download: BotHunter HTTP-based .exe Upload on backdoor port; 1038->80
  • 1:2008394 {tcp} Egg Download: ET CURRENT_EVENTS Likely Trojan-Downloader.Win32.Homles.br (/17PHolmes.cmt); 1040->80
  • 1:2008438 {tcp} Egg Download: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File; 1040<-80
  • 1:3000014 {tcp} Bot Space Access: BotHunter Known Command and Control Server (International); 1037->65520
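As an added worked example (not part of the SRI report or of BotHunter itself), the following Python parser reads event lines in the format above, extracts the generator/signature id, repeat count, protocol, dialog stage, rule message and port pair, groups the alerts by dialog stage and by flow, and applies a simplified infection-declaration rule. The rule (an inbound exploit followed by any later dialog stage, or two distinct stages of victim-originated dialog), the function names, and the reading of `<-` as traffic arriving at the victim and `->` as traffic leaving it are assumptions made for illustration, not BotHunter's own correlation or scoring logic. The sample input is the seven event lines from this profile, embedded as constructed data.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: the seven event lines from the profile above,
# with the bullet markers stripped.
SAMPLE_EVENTS = """\
1:21390 (2) {tcp} Inbound Attack: REGISTERED FREE SHELLCODE x86 inc ebx NOOP; 445<-1170
1:22001944 {tcp} Inbound Attack: BLEEDING-EDGE EXPLOIT MS04-007 Kill-Bill ASN1 exploit attempt; 445<-1170
1:299998 (2) {tcp} Inbound Attack: SHELLCODE x86 inc ebx NOOP; 445<-1170
1:3000003 (2) {tcp} Egg Download: BotHunter HTTP-based .exe Upload on backdoor port; 1038->80
1:2008394 {tcp} Egg Download: ET CURRENT_EVENTS Likely Trojan-Downloader.Win32.Homles.br (/17PHolmes.cmt); 1040->80
1:2008438 {tcp} Egg Download: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File; 1040<-80
1:3000014 {tcp} Bot Space Access: BotHunter Known Command and Control Server (International); 1037->65520
"""

# One event line:
#   <gid>:<sid> [(count)] {proto} <stage>: <message>; <victim port><-|-><remote port>
EVENT_RE = re.compile(
    r"^(?P<gid>\d+):(?P<sid>\d+)"           # Snort generator:signature id
    r"(?:\s+\((?P<count>\d+)\))?"           # optional repeat count
    r"\s+\{(?P<proto>\w+)\}"                # transport protocol
    r"\s+(?P<stage>[^:]+):\s+"              # dialog stage label
    r"(?P<msg>.*);\s+"                      # rule message, up to the last ';'
    r"(?P<lport>\d+)(?P<arrow><-|->)(?P<rport>\d+)\s*$"
)

INBOUND_EXPLOIT_STAGE = "Inbound Attack"   # the one stage initiated by the attacker


@dataclass(frozen=True)
class Event:
    gid: int
    sid: int
    count: int
    proto: str
    stage: str
    msg: str
    local_port: int      # port on the victim (192.168.1.166)
    remote_port: int     # port on the peer
    direction: str       # "inbound": peer -> victim, "outbound": victim -> peer (assumed reading of the arrow)


def parse_event(line: str) -> Event:
    """Parse one event line; raise ValueError for lines that do not fit the format."""
    m = EVENT_RE.match(line.strip().lstrip("•").strip())
    if not m:
        raise ValueError(f"unrecognised event line: {line!r}")
    return Event(
        gid=int(m.group("gid")),
        sid=int(m.group("sid")),
        count=int(m.group("count") or 1),     # a missing count means the rule fired once
        proto=m.group("proto"),
        stage=m.group("stage").strip(),
        msg=m.group("msg").strip(),
        local_port=int(m.group("lport")),
        remote_port=int(m.group("rport")),
        direction="inbound" if m.group("arrow") == "<-" else "outbound",
    )


def parse_events(text: str) -> list[Event]:
    """Parse every non-blank line of an event list."""
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def stage_summary(events: list[Event]) -> dict[str, list[int]]:
    """Map each dialog stage to the signature ids that fired for it, in report order."""
    summary: dict[str, list[int]] = defaultdict(list)
    for e in events:
        summary[e.stage].append(e.sid)
    return dict(summary)


def same_flow_alerts(events: list[Event]) -> dict[tuple[str, int, int], list[int]]:
    """Group signature ids that fired on the same stage and port pair (either direction),
    so one exploit attempt seen by several rules is not counted several times."""
    groups: dict[tuple[str, int, int], list[int]] = defaultdict(list)
    for e in events:
        groups[(e.stage, e.local_port, e.remote_port)].append(e.sid)
    return {k: v for k, v in groups.items() if len(v) > 1}


def infection_evidence(events: list[Event]) -> bool:
    """Assumed, simplified declaration rule (NOT BotHunter's real scoring): flag the host
    when an inbound exploit is accompanied by at least one later dialog stage, or when at
    least two distinct victim-originated stages are present without any inbound exploit."""
    stages = {e.stage for e in events}
    victim_stages = stages - {INBOUND_EXPLOIT_STAGE}
    if INBOUND_EXPLOIT_STAGE in stages and victim_stages:
        return True
    return len(victim_stages) >= 2


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for stage, sids in stage_summary(evs).items():
        print(f"{stage}: {sids}")
    for (stage, lport, rport), sids in same_flow_alerts(evs).items():
        print(f"same flow {stage} {lport}/{rport}: {sids}")
    print("infection evidence:", infection_evidence(evs))
```

Run against the sample, the per-flow grouping shows why raw alert counts overstate the dialog: the three Inbound Attack alerts on 445/1170 are one exploit attempt seen by three rules (two of them the same `inc ebx` NOOP-sled pattern from different rule sets), and the two Egg Download alerts on 1040/80 are the request and response of a single HTTP download.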