Score: 1.0 (>= 0.8)
Infected Target: 192.168.1.102
Infector List:
Egg Source List: 199.59.149.232, 199.59.150.9, 199.59.150.41, 199.59.148.87, 199.59.148.20
C & C List: 216.239.36.25
Peer Coord. List:
Resource List:
Observed Start: 01/13/2013 22:04:33.774 PST
Gen. Time: 01/13/2013 23:14:31.038 PST

INBOUND SCAN

EXPLOIT

EXPLOIT MALWARE DNS

EGG DOWNLOAD
199.59.149.232 (22:09:06.749 PST)
  event=1:2013036 {tcp} E3[rb] ET TROJAN Java EXE Download by Vulnerable Version - Likely Driveby, [] MAC_Src: 00:21:1C:EE:14:00
  47972<-80 (22:09:06.749 PST)
199.59.150.9 (4) (22:04:33.774 PST-22:14:20.478 PST)
  event=1:2013036 (4) {tcp} E3[rb] ET TROJAN Java EXE Download by Vulnerable Version - Likely Driveby, [] MAC_Src: 00:21:1C:EE:14:00
  41428<-80 (22:04:33.774 PST)
  48816<-80 (22:06:05.084 PST)
  2: 53709<-80 (22:13:50.476 PST-22:14:20.478 PST)
199.59.150.41 (22:09:58.745 PST)
  event=1:2013036 {tcp} E3[rb] ET TROJAN Java EXE Download by Vulnerable Version - Likely Driveby, [] MAC_Src: 00:21:1C:EE:14:00
  59118<-80 (22:09:58.745 PST)
199.59.148.87 (5) (22:06:57.023 PST-22:08:57.818 PST)
  event=1:2013036 (5) {tcp} E3[rb] ET TROJAN Java EXE Download by Vulnerable Version - Likely Driveby, [] MAC_Src: 00:21:1C:EE:14:00
  38406<-80 (22:13:11.456 PST)
  2: 46405<-80 (22:08:27.810 PST-22:08:57.818 PST)
  49992<-80 (22:06:57.023 PST)
  39441<-80 (22:12:19.476 PST)
199.59.148.20 (6) (22:05:26.293 PST-22:12:15.439 PST)
  event=1:2013036 (6) {tcp} E3[rb] ET TROJAN Java EXE Download by Vulnerable Version - Likely Driveby, [] MAC_Src: 00:21:1C:EE:14:00
  53475<-80 (22:05:26.293 PST)
  2: 44566<-80 (22:11:45.435 PST-22:12:15.439 PST)
  2: 45953<-80 (22:10:37.636 PST-22:11:07.635 PST)
  47126<-80 (22:07:35.556 PST)

C and C TRAFFIC
216.239.36.25 (23:14:31.038 PST)
  event=1:2007962 {tcp} E4[rb] ET TROJAN Vipdataend C&C Traffic Checkin, [] MAC_Src: 00:21:5A:08:EC:40
  35122->3306 (23:14:31.038 PST)

C and C TRAFFIC (RBN)

C and C DNS CHECK-IN

OUTBOUND SKYPE CANDIDATE

OUTBOUND SCAN (spp)

OUTBOUND SCAN

ATTACK PREP

PEER COORDINATION Info

PEER COORDINATION

DECLARE BOT Standard Port

DECLARE BOT Non-standard Port

DECLARE BOT

OUTBOUND INTENSE MALWARE PORT SCAN

tcpslice 1358143473.774 1358144060.479 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.1.102'

============================== SEPARATOR ================================