BotHunter Daily Analysis Index

BotHunter ®
Live Internet Monitor Page
Computer Science Laboratory
SRI International

Last Updated: Mon Mar 11 23:00:23 2013

www.BOTHUNTER.net

Victim IP	Max Score	Profiles	CCs	Events
192.168.1.85	1.0	VIEW 10	157.56.229.187 157.56.229.187 (Dsl), Msn.Net, Microsoft Corp, Redmond, Washington, United States. 65.55.24.243 65.55.24.243 (Dsl), Msn.Net, Microsoft Corp, Bellevue, Washington, United States. 65.55.24.236 65.55.24.236 (Dsl), Msn.Net, Microsoft Corp, Bellevue, Washington, United States. 157.55.35.88 157.55.35.88 (Dsl), Msn.Net, Microsoft Corp, Redmond, Washington, United States. 65.55.52.94 65.55.52.94 (Dsl), Msn.Net, Microsoft Corp, Bellevue, Washington, United States.	1:2002033 {tcp} C&C Communication: ET TROJAN BOT - potential response; 80->39377 1:552123 (5) {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 80->12083 1:2002033 (4) {tcp} C&C Communication: ET TROJAN BOT - potential response; 80->39377 1:552123 (8) {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 80->12083 1:2002033 {tcp} C&C Communication: ET TROJAN BOT - potential response; 80->29488 1:552123 {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 80->15572 1:2002033 (2) {tcp} C&C Communication: ET TROJAN BOT - potential response; 80->29488 1:552123 (5) {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 80->19443 1:2002033 {tcp} C&C Communication: ET TROJAN BOT - potential response; 80->55573 1:552123 (2) {tcp} Outbound Attack: REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 80->23184 1:2002033 (5) {tcp} C&C Communication: ET TROJAN BOT - potential response; 80->55573 1:2002033 {tcp} C&C Communication: ET TROJAN BOT - potential response; 80->36748 1:2002033 (5) {tcp} C&C Communication: ET TROJAN BOT - potential response; 80->35172 1:2002033 {tcp} C&C Communication: ET TROJAN BOT - potential response; 80->52526
192.168.1.41	1.6	VIEW 177		777:7777005 {tcp} Outbound Scan: Detected moderate malware port scanning of 10 IPs (6 /24s) (# pkts S/M/O/I=0/10/0/0): 22:10 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 51528->22 1:2001219 {tcp} Outbound Attack: ET SCAN Potential SSH Scan (20 in 60 secs); 55911->22 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 55911->22 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 57364->22 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 52226->22 1:2001219 {tcp} Outbound Attack: ET SCAN Potential SSH Scan (20 in 60 secs); 44089->22 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 44089->22 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 52073->22 1:2001219 {tcp} Outbound Attack: ET SCAN Potential SSH Scan (20 in 60 secs); 39197->22 777:7777008 {tcp} Malware Scan: Detected intense malware port scanning of 44 IPs (28 /24s) (# pkts S/M/O/I=0/44/0/0): 22:44 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 57485->22 777:7777005 {tcp} Outbound Scan: Detected moderate malware port scanning of 10 IPs (10 /24s) (# pkts S/M/O/I=0/10/0/0): 22:10 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 56247->22 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 54649->22 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 44438->22 777:7777008 {icmp} Malware Scan: Detected intense malware port scanning of 45 IPs (29 /24s) (# pkts S/M/O/I=0/44/1/0): 22:44 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 56475->22 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 54877->22 1:2003068 {tcp} Outbound Attack: ET SCAN Potential SSH Scan OUTBOUND; 52555->22