BotHunter ®
  Cyber-TA Internet Release
  Computer Science Laboratory
  SRI International


  SAMPLE NAME:    Zeus_Findwhat_botHunter.txt
  Last Updated: Mon Dec 28 21:20:58 2009
www.BOTHUNTER.net


  Victim IP        Max Score   Profiles      CCs              Events
  192.168.1.111    1.0         (view link)   (listed below)   15
  • 204.137.28.195 (Static-204-137-28-195.Adknowledge.Com), Country: (Unknown Country?) City: (Unknown City?).
  • 66.150.51.154 Country: United States (Us), City: (Unknown City).
  • 66.150.51.151 Country: United States (Us), City: (Unknown City).
  • 1:2008100 {tcp} Egg Download: ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download, [/neo/cfg.bin]; 1054->80
  • 1:2003579 {tcp} C&C Communication: ET MALWARE Findwhat.com Spyware (clickthrough), [/bin/findwhat.dll?clickthrough&y=52593&x=:J86x75owrR6trTPiapZZoljv3gqwtBNwSjtYoCC5MGKx0:Ojd7Qq3vbwf5y;Mx;2Rgpaox6MMd91oBiy2cWCM]; 1330->80
  • 1:2003579 (2) {tcp} C&C Communication: ET MALWARE Findwhat.com Spyware (clickthrough), [/bin/findwhat.dll?clickthrough&y=52593&x=:J86x75owrR6trTPiapZZoljv3gqwtBNwSjtYoCC5MGKx0:Ojd7Qq3vbwf5y;Mx;2Rgpaox6MMd91oBiy2cWCM]; 1330->80
  • 1:2003179 {tcp} Egg Download: ET POLICY exe download without User Agent, [/setup_233.exe]; 1582->80
  • 1:2003579 {tcp} C&C Communication: ET MALWARE Findwhat.com Spyware (clickthrough), [/bin/findwhat.dll?clickthrough&y=52593&x=W2ba9w0Ls:Q2O0nIBceqiqbxEEQUx;tSx9BmrapYsZkN9CY9kq:h:T1GxF2wTe2JpwBsdaSIw:b26qMXYI0aMe]; 1682->80
  • 1:2003579 (4) {tcp} C&C Communication: ET MALWARE Findwhat.com Spyware (clickthrough), [/bin/findwhat.dll?clickthrough&y=52593&x=W2ba9w0Ls:Q2O0nIBceqiqbxEEQUx;tSx9BmrapYsZkN9CY9kq:h:T1GxF2wTe2JpwBsdaSIw:b26qMXYI0aMe]; 1682->80
  • 1:2003179 {tcp} Egg Download: ET POLICY exe download without User Agent, [/setup_233.exe]; 3610->80
  • 1:2003579 (2) {tcp} C&C Communication: ET MALWARE Findwhat.com Spyware (clickthrough), [/bin/findwhat.dll?clickthrough&y=55686&x=mJ7LKEp0wAc6:Ad9U3Cq1SD:Y3ReJJaWJdj9YSCQFM5cKDgsjd8nevTEJiGlHvXUyzdDxJDGCFoYAtR;2DajQF]; 3472->80
  • 1:2003179 {tcp} Egg Download: ET POLICY exe download without User Agent, [/setup_233.exe]; 4037->80
  • 1:2003579 {tcp} C&C Communication: ET MALWARE Findwhat.com Spyware (clickthrough), [/bin/findwhat.dll?clickthrough&y=52593&x=RUiik2SIWcYW;u;oeYIXAOWdMxOti6IfWTrc;OtVQQYOkDAxuOrnNi8A2ZIDCu4DijAlXEjTOueoAT4AtXTZtQ]; 4120->80
  • 1:2003179 {tcp} Egg Download: ET POLICY exe download without User Agent, [/setup_233.exe]; 4657->80
  • 1:2008100 {tcp} Egg Download: ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download, [/neo/cfg.bin]; 2370->80
  • 1:2003179 {tcp} Egg Download: ET POLICY exe download without User Agent, [/setup_233.exe]; 2804->80
  • 1:2003179 {tcp} Egg Download: ET POLICY exe download without User Agent, [/setup_233.exe]; 1048->80
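The event lines above share one fixed layout: `gid:sid`, an optional parenthesised repeat count, the protocol in braces, the BotHunter dialog class, the Emerging Threats rule message, the captured request URI in square brackets, and the `source->destination` port pair. The parser below is an added example, not BotHunter's own code or part of the report; it reads a handful of the lines above (copied verbatim as constructed sample input), tallies alerts per dialog class and lists the egg-download URIs. Two assumptions are labelled in the code: the `(n)` field is treated as a repeat count, and `infection_evident` is a deliberately simplified two-class check, not BotHunter's real correlation scoring.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: six event lines copied from the BotHunter report above.
# The remaining report lines follow the same layout and parse identically.
SAMPLE_EVENTS = """\
  • 1:2008100 {tcp} Egg Download: ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download, [/neo/cfg.bin]; 1054->80
  • 1:2003579 {tcp} C&C Communication: ET MALWARE Findwhat.com Spyware (clickthrough), [/bin/findwhat.dll?clickthrough&y=52593&x=:J86x75owrR6trTPiapZZoljv3gqwtBNwSjtYoCC5MGKx0:Ojd7Qq3vbwf5y;Mx;2Rgpaox6MMd91oBiy2cWCM]; 1330->80
  • 1:2003579 (2) {tcp} C&C Communication: ET MALWARE Findwhat.com Spyware (clickthrough), [/bin/findwhat.dll?clickthrough&y=52593&x=:J86x75owrR6trTPiapZZoljv3gqwtBNwSjtYoCC5MGKx0:Ojd7Qq3vbwf5y;Mx;2Rgpaox6MMd91oBiy2cWCM]; 1330->80
  • 1:2003179 {tcp} Egg Download: ET POLICY exe download without User Agent, [/setup_233.exe]; 1582->80
  • 1:2003579 (4) {tcp} C&C Communication: ET MALWARE Findwhat.com Spyware (clickthrough), [/bin/findwhat.dll?clickthrough&y=52593&x=W2ba9w0Ls:Q2O0nIBceqiqbxEEQUx;tSx9BmrapYsZkN9CY9kq:h:T1GxF2wTe2JpwBsdaSIw:b26qMXYI0aMe]; 1682->80
  • 1:2008100 {tcp} Egg Download: ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download, [/neo/cfg.bin]; 2370->80
"""

# One event line: "• gid:sid [(count)] {proto} Dialog: message, [uri]; sport->dport"
EVENT_RE = re.compile(
    r"^\s*•\s*"
    r"(?P<gid>\d+):(?P<sid>\d+)"
    r"(?:\s+\((?P<count>\d+)\))?"      # assumed to be a repeat count
    r"\s+\{(?P<proto>[a-z]+)\}"
    r"\s+(?P<dialog>[^:]+):\s+"        # BotHunter dialog class
    r"(?P<msg>.+?),\s+"                # ET rule message (non-greedy up to ", [")
    r"\[(?P<uri>[^\]]*)\];\s+"         # captured request URI
    r"(?P<sport>\d+)->(?P<dport>\d+)\s*$"
)


@dataclass(frozen=True)
class Event:
    gid: int
    sid: int
    count: int      # repeat count; 1 when the report shows no "(n)"
    proto: str
    dialog: str     # e.g. "Egg Download", "C&C Communication"
    msg: str
    uri: str
    sport: int
    dport: int


def parse_event(line: str) -> Optional[Event]:
    """Parse one event line; return None for CC/address lines and other noise."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    return Event(
        gid=int(m["gid"]), sid=int(m["sid"]),
        count=int(m["count"]) if m["count"] else 1,
        proto=m["proto"], dialog=m["dialog"].strip(), msg=m["msg"].strip(),
        uri=m["uri"], sport=int(m["sport"]), dport=int(m["dport"]),
    )


def parse_report(text: str) -> List[Event]:
    """Parse every event line in a report fragment, skipping non-event lines."""
    return [ev for ev in map(parse_event, text.splitlines()) if ev is not None]


def summarize(events: List[Event]) -> Dict[str, object]:
    """Aggregate alert volume per dialog class plus the indicators an analyst
    would pull out first: rule SIDs, egg-download paths and destination ports."""
    by_dialog: Counter = Counter()
    for e in events:
        by_dialog[e.dialog] += e.count
    return {
        "lines": len(events),
        "alerts": sum(e.count for e in events),
        "by_dialog": dict(by_dialog),
        "sids": sorted({e.sid for e in events}),
        "egg_uris": sorted({e.uri for e in events if e.dialog == "Egg Download"}),
        "dst_ports": sorted({e.dport for e in events}),
    }


def infection_evident(events: List[Event]) -> bool:
    """Simplified check, an assumption of this example rather than BotHunter's
    actual weighted correlation: flag the host when both an Egg Download and a
    C&C Communication dialog event are present for it."""
    seen = {e.dialog for e in events}
    return {"Egg Download", "C&C Communication"} <= seen


if __name__ == "__main__":
    evs = parse_report(SAMPLE_EVENTS)
    for key, val in summarize(evs).items():
        print(f"{key}: {val}")
    print("infection evident:", infection_evident(evs))
```

Running the block on the constructed sample gives 6 parsed lines carrying 10 alerts (3 Egg Download, 7 C&C Communication), three distinct SIDs and two egg-download paths; the CC address lines of the report are rejected by the regex rather than mis-parsed.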