Score: 1.0 (>= 0.8)
Infected Target: 192.168.1.100
Infector List:
Egg Source List: 199.59.149.232, 199.59.150.9, 199.59.148.87, 199.59.148.20
C & C List: 199.255.189.60
Peer Coord. List:
Resource List:
Observed Start: 01/14/2013 23:53:28.532 PST
Gen. Time: 01/15/2013 11:44:56.953 PST
   INBOUND SCAN
   EXPLOIT
   EXPLOIT MALWARE DNS
   EGG DOWNLOAD
        199.59.149.232 (8) (23:54:21.666 PST-00:02:18.375 PST)
          event=1:2013036 (8) {tcp} E3[rb] ET TROJAN Java EXE Download by Vulnerable Version - Likely Driveby, [] MAC_Src: 00:21:1C:EE:14:00
            58668<-80 (23:54:21.666 PST)
            2: 38572<-80 (00:00:59.150 PST-00:01:29.153 PST)
            36598<-80 (23:57:03.745 PST)
            2: 33080<-80 (23:55:25.652 PST-23:55:55.656 PST)
            2: 60377<-80 (00:01:53.185 PST-00:02:18.375 PST)
        199.59.150.9 (5) (23:56:08.980 PST-23:59:08.165 PST)
          event=1:2013036 (5) {tcp} E3[rb] ET TROJAN Java EXE Download by Vulnerable Version - Likely Driveby, [] MAC_Src: 00:21:1C:EE:14:00
            36797<-80 (23:57:44.828 PST)
            2: 58517<-80 (23:58:38.164 PST-23:59:08.165 PST)
            2: 46388<-80 (23:56:08.980 PST-23:56:38.983 PST)
        199.59.148.87 (2) (00:00:16.865 PST-00:00:46.677 PST)
          event=1:2013036 (2) {tcp} E3[rb] ET TROJAN Java EXE Download by Vulnerable Version - Likely Driveby, [] MAC_Src: 00:21:1C:EE:14:00
            2: 46784<-80 (00:00:16.865 PST-00:00:46.677 PST)
        199.59.148.20 (2) (23:53:28.532 PST)
          event=1:2013036 (2) {tcp} E3[rb] ET TROJAN Java EXE Download by Vulnerable Version - Likely Driveby, [] MAC_Src: 00:21:1C:EE:14:00
            47271<-80 (23:53:28.532 PST)
            40728<-80 (23:59:19.333 PST)
   C and C TRAFFIC
        199.255.189.60 (11:44:56.953 PST)
          event=1:2012801 {tcp} E4[rb] ET TROJAN Spoofed MSIE 7 User-Agent Likely Ponmocup, [/filtered_reviews/chase-san-francisco-17?fsid=6n2g_muCw80zfLJ5i5XosA&filtered_start=10] MAC_Src: 00:21:5A:08:BB:0C
            38949->80 (11:44:56.953 PST)
   C and C TRAFFIC (RBN)
   C and C DNS CHECK-IN
   OUTBOUND SKYPE CANDIDATE
   OUTBOUND SCAN (spp)
   OUTBOUND SCAN
   ATTACK PREP
   PEER COORDINATION Info
   PEER COORDINATION
   DECLARE BOT Standard Port
   DECLARE BOT Non-standard Port
   DECLARE BOT
   OUTBOUND INTENSE MALWARE PORT SCAN

tcpslice 1358236408.532 1358236938.376 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.1.100'

============================== SEPARATOR ================================
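The profile above is a BotHunter infection profile: header fields with the infected host and its egg-source and C&C IP lists, then the dialog phases (EGG DOWNLOAD, C and C TRAFFIC, ...) each carrying Snort-style gid:sid alerts and the local<-remote / local->remote flows that fired them, followed by a tcpslice | tcpdump line whose epoch bounds must be cross-checked against the header before the slice is trusted. The following parser is an added example, not BotHunter's own code: it reads the layout as shown (indentation marks header, phase, source, event and flow lines), turns the "PST" stamps into epoch seconds assuming a fixed UTC-8 (mid-January, no DST), resolves the date-less flow clocks across the midnight the dialog straddles (profile assumed to span under 24 hours), and rebuilds the tcpslice | tcpdump command from Observed Start. The profile's own command stops at 00:02:18.376 PST, where the egg-download flows end, rather than at Gen. Time, so the end bound is passed in by the caller. Function and field names are mine; the embedded profile is a trimmed copy of the one above.

```python
"""Parse a BotHunter infection profile and rebuild its tcpslice | tcpdump line.
Added example, not BotHunter code; assumes the layout above and PST = fixed UTC-8."""
import re
from datetime import datetime, timedelta, timezone

PST = timezone(timedelta(hours=-8))          # mid-January: no DST in effect
TS_FMT = "%m/%d/%Y %H:%M:%S.%f"
LIST_FIELDS = ("Infector List", "Egg Source List", "C & C List", "Peer Coord. List", "Resource List")
EVENT_RE = re.compile(r"event=(\d+):(\d+)(?: \((\d+)\))? \{(\w+)\} (\S+) (.+?), "
                      r"\[(.*?)\] MAC_Src: (\S+)$")
PORT_RE = re.compile(r"(?:(\d+): )?(\d+)(<-|->)(\d+) \((\S+) PST(?:-(\S+) PST)?\)$")
IP_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+) ")

# Header, two egg-download sources and the C&C entry, copied from the profile above.
PROFILE = """\
Score: 1.0 (>= 0.8)
Infected Target: 192.168.1.100
Infector List:
Egg Source List: 199.59.149.232, 199.59.150.9, 199.59.148.87, 199.59.148.20
C & C List: 199.255.189.60
Peer Coord. List:
Resource List:
Observed Start: 01/14/2013 23:53:28.532 PST
Gen. Time: 01/15/2013 11:44:56.953 PST
   EGG DOWNLOAD
        199.59.148.87 (2) (00:00:16.865 PST-00:00:46.677 PST)
          event=1:2013036 (2) {tcp} E3[rb] ET TROJAN Java EXE Download by Vulnerable Version - Likely Driveby, [] MAC_Src: 00:21:1C:EE:14:00
            2: 46784<-80 (00:00:16.865 PST-00:00:46.677 PST)
        199.59.148.20 (2) (23:53:28.532 PST)
          event=1:2013036 (2) {tcp} E3[rb] ET TROJAN Java EXE Download by Vulnerable Version - Likely Driveby, [] MAC_Src: 00:21:1C:EE:14:00
            47271<-80 (23:53:28.532 PST)
            40728<-80 (23:59:19.333 PST)
   C and C TRAFFIC
        199.255.189.60 (11:44:56.953 PST)
          event=1:2012801 {tcp} E4[rb] ET TROJAN Spoofed MSIE 7 User-Agent Likely Ponmocup, [/filtered_reviews/chase-san-francisco-17?fsid=6n2g_muCw80zfLJ5i5XosA&filtered_start=10] MAC_Src: 00:21:5A:08:BB:0C
            38949->80 (11:44:56.953 PST)
"""

def parse_ts(ts):
    """'01/14/2013 23:53:28.532 PST' -> aware datetime."""
    stamp, zone = ts.rsplit(" ", 1)
    if zone != "PST":
        raise ValueError("unexpected time zone: " + zone)
    return datetime.strptime(stamp, TS_FMT).replace(tzinfo=PST)

def to_epoch(ts):
    """Epoch seconds at the millisecond precision tcpslice takes."""
    return round(parse_ts(ts).timestamp(), 3)

def resolve_clock(clock, base):
    """Flow lines carry only HH:MM:SS.fff and this dialog crosses midnight: a clock
    earlier than Observed Start is placed on the next day (profile < 24 h assumed)."""
    t = datetime.strptime(clock, "%H:%M:%S.%f").time()
    dt = datetime.combine(base.date(), t, tzinfo=PST)
    return dt + timedelta(days=1) if dt < base else dt

def parse_profile(text):
    """Header fields, IoC lists, and each source's alert event with its flows."""
    prof, section, src, base = {"events": []}, None, None, None
    for line in text.splitlines():
        s = line.strip()
        if not s: continue
        if not line.startswith(" "):                     # header: "Field: value"
            key, _, val = line.partition(":")
            key, val = key.strip(), val.strip()
            if key in LIST_FIELDS:
                prof[key] = [ip for ip in re.split(r",\s*", val) if ip]
            elif key == "Score":
                prof[key] = float(val.split()[0])        # drop the "(>= 0.8)" threshold
            else:
                prof[key] = val
            if key == "Observed Start":
                base = parse_ts(val)
        elif (m := EVENT_RE.match(s)):                   # Snort-style gid:sid alert line
            prof["events"].append({"section": section, "src": src, "sid": int(m.group(2)),
                "count": int(m.group(3) or 1), "proto": m.group(4), "phase": m.group(5),
                "msg": m.group(6), "uri": m.group(7), "mac": m.group(8), "flows": []})
        elif (m := PORT_RE.match(s)):                    # "2: 46784<-80 (t1 PST-t2 PST)"
            first = resolve_clock(m.group(5), base)
            prof["events"][-1]["flows"].append({"repeat": int(m.group(1) or 1),
                "local_port": int(m.group(2)), "inbound": m.group(3) == "<-",
                "remote_port": int(m.group(4)), "first": first,
                "last": resolve_clock(m.group(6), base) if m.group(6) else first})
        elif (m := IP_RE.match(s)):                      # "199.59.148.20 (2) (...)"
            src = m.group(1)
        else:                                            # dialog-phase section title
            section = s
    return prof

def extraction_cmd(prof, end_ts, infile="inputFile.tcpd", outfile="outputFile.tcpd"):
    """The tcpslice | tcpdump line under the profile: cut the capture from Observed Start
    to end_ts (the profile's command stops where the egg-download flows end, not at
    Gen. Time, so the caller supplies it), then keep only the infected host."""
    return "tcpslice %.3f %.3f %s | tcpdump -r - -w %s 'host %s'" % (
        to_epoch(prof["Observed Start"]), to_epoch(end_ts), infile, outfile,
        prof["Infected Target"])
```

Calling `extraction_cmd(parse_profile(PROFILE), "01/15/2013 00:02:18.376 PST")` reproduces the profile's own tcpslice line, which confirms that its epoch bounds were computed with PST as UTC-8; a profile generated in a different zone, or one whose flow clocks are read without the midnight rollover, would yield bounds that miss the egg-download traffic entirely. The parsed flows also make the direction explicit: every egg-download flow is inbound from remote port 80 to an ephemeral local port, while the Ponmocup C&C hit is the host's own outbound HTTP request.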