BotHunter ®
  Cyber-TA Internet Release
  Computer Science Laboratory
  SRI International


  SAMPLE NAME:    Welchia_botHunter.txt
  Last Updated: Tue Dec 29 13:39:03 2009
BOTHUNTER LOGO
www.BOTHUNTER.net


Victim IP
 		Max Score
 		Profiles
 		CCs
 		Events
192.168.1.152
 1.3 VIEW 1
  • 1:22351 {tcp} Inbound Attack: REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode MAC_Dst: 00:30:48:30:03:AE; 135<-23586
  • 1:2299913 {tcp} Inbound Attack: ET SHELLCODE x86 0x90 unicode NOOP MAC_Dst: 00:30:48:30:03:AE; 135<-23586
  • 1:1444 (2) {udp} Egg Download: TFTP GET from external source; 1028->69
  • 1:2008120 (2) {udp} Egg Download: ET POLICY Outbound TFTP Read Request; 1028->69
  • 1:3001441 (2) {udp} Egg Download: TFTP GET .exe from external source; 1028->69
  • 1:552123 {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 1027->707