Score: 0.8 (>= 0.8)
Infected Target: 192.168.1.37
Infector List:
Egg Source List:
C & C List:
Peer Coord. List:
Resource List:
Observed Start: 11/29/2011 16:19:16.890 PST
Gen. Time: 11/29/2011 16:19:16.890 PST

INBOUND SCAN
EXPLOIT
EXPLOIT MALWARE
DNS
EGG DOWNLOAD
C and C TRAFFIC
C and C TRAFFIC (RBN)
C and C DNS CHECK-IN
OUTBOUND SKYPE CANDIDATE
OUTBOUND SCAN (spp)
OUTBOUND SCAN
ATTACK PREP
PEER COORDINATION
DECLARE BOT
  74.125.224.83 (16:19:16.890 PST)
  event=1:9910028 {tcp} E8[rb] BotHunter Version 1.X Test Rule, [/bothunter/testpage-1.X.html] MAC_Src: 00:01:64:FF:CE:EA
    49172->80 (16:19:16.890 PST)

tcpslice 1322612356.890 1322612356.891 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.1.37'
============================== SEPARATOR ================================
Score: 0.8 (>= 0.8)
Infected Target: 192.168.1.37
Infector List:
Egg Source List:
C & C List:
Peer Coord. List:
Resource List:
Observed Start: 11/29/2011 16:19:16.890 PST
Gen. Time: 11/29/2011 16:22:48.612 PST

INBOUND SCAN
EXPLOIT
EXPLOIT MALWARE
DNS
EGG DOWNLOAD
C and C TRAFFIC
C and C TRAFFIC (RBN)
C and C DNS CHECK-IN
OUTBOUND SKYPE CANDIDATE
OUTBOUND SCAN (spp)
OUTBOUND SCAN
ATTACK PREP
PEER COORDINATION
DECLARE BOT
  74.125.224.83 (2) (16:19:16.890 PST)
  event=1:9910028 (2) {tcp} E8[rb] BotHunter Version 1.X Test Rule, [/bothunter/testpage-1.X.html] MAC_Src: 00:01:64:FF:CE:EA
    49172->80 (16:19:16.890 PST)
    49174->80 (16:21:48.413 PST)

tcpslice 1322612356.890 1322612356.891 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.1.37'
============================== SEPARATOR ================================
Score: 0.8 (>= 0.8)
Infected Target: 192.168.1.37
Infector List:
Egg Source List:
C & C List:
Peer Coord. List:
Resource List:
Observed Start: 11/29/2011 16:25:02.007 PST
Gen. Time: 11/29/2011 16:25:02.007 PST

INBOUND SCAN
EXPLOIT
EXPLOIT MALWARE
DNS
EGG DOWNLOAD
C and C TRAFFIC
C and C TRAFFIC (RBN)
C and C DNS CHECK-IN
OUTBOUND SKYPE CANDIDATE
OUTBOUND SCAN (spp)
OUTBOUND SCAN
ATTACK PREP
PEER COORDINATION
DECLARE BOT
  74.125.224.81 (16:25:02.007 PST)
  event=1:9910028 {tcp} E8[rb] BotHunter Version 1.X Test Rule, [/bothunter/testpage-1.X.html] MAC_Src: 00:01:64:FF:CE:EA
    49223->80 (16:25:02.007 PST)

tcpslice 1322612702.007 1322612702.008 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.1.37'
============================== SEPARATOR ================================
Score: 0.8 (>= 0.8)
Infected Target: 192.168.1.37
Infector List:
Egg Source List:
C & C List:
Peer Coord. List:
Resource List:
Observed Start: 11/29/2011 16:57:44.268 PST
Gen. Time: 11/29/2011 16:57:44.268 PST

INBOUND SCAN
EXPLOIT
EXPLOIT MALWARE
DNS
EGG DOWNLOAD
C and C TRAFFIC
C and C TRAFFIC (RBN)
C and C DNS CHECK-IN
OUTBOUND SKYPE CANDIDATE
OUTBOUND SCAN (spp)
OUTBOUND SCAN
ATTACK PREP
PEER COORDINATION
DECLARE BOT
  74.125.224.82 (16:57:44.268 PST)
  event=1:9910028 {tcp} E8[rb] BotHunter Version 1.X Test Rule, [/bothunter/testpage-1.X.html] MAC_Src: 00:01:64:FF:CE:EA
    49427->80 (16:57:44.268 PST)

tcpslice 1322614664.268 1322614664.269 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.1.37'
============================== SEPARATOR ================================