Score: 0.8 (>= 0.8)
Infected Target: 192.168.1.100
Infector List:
Egg Source List:
C & C List:
Peer Coord. List: 88.165.21.137, 178.22.88.44, 165.230.49.115 (2), 202.112.128.11, 192.16.125.11 (6), 129.110.125.51 (4), 134.117.226.180 (2)
Resource List:
Observed Start: 03/20/2013 12:27:55.213 PDT
Gen. Time: 03/20/2013 12:31:30.777 PDT

INBOUND SCAN
EXPLOIT
EXPLOIT MALWARE DNS
EGG DOWNLOAD
C and C TRAFFIC
C and C TRAFFIC (RBN)
C and C DNS CHECK-IN
OUTBOUND SKYPE CANDIDATE
OUTBOUND SCAN (spp)
OUTBOUND SCAN
ATTACK PREP
PEER COORDINATION

Info 88.165.21.137 (12:28:26.416 PDT)
  event=1:1100013 {udp} E7[info] P2P torrent DHT ping, [] MAC_Src: 00:21:5A:08:BB:0C 6881->23672 (12:28:26.416 PDT)
178.22.88.44 (12:28:02.883 PDT)
  event=1:2000357 {tcp} E7[info] ET P2P BitTorrent Traffic, [] MAC_Src: 00:21:5A:08:BB:0C 6881->40019 (12:28:02.883 PDT)
165.230.49.115 (2) (12:28:11.382 PDT-12:28:22.232 PDT)
  event=1:2000357 (2) {tcp} E7[info] ET P2P BitTorrent Traffic, [] MAC_Src: 00:21:5A:08:BB:0C 2: 6881->36454 (12:28:11.382 PDT-12:28:22.232 PDT)
202.112.128.11 (12:27:55.213 PDT)
  event=1:2000357 {tcp} E7[info] ET P2P BitTorrent Traffic, [] MAC_Src: 00:21:5A:08:BB:0C 6881->46361 (12:27:55.213 PDT)
192.16.125.11 (6) (12:28:04.232 PDT-12:28:58.150 PDT)
  event=1:2000357 (6) {tcp} E7[info] ET P2P BitTorrent Traffic, [] MAC_Src: 00:21:5A:08:BB:0C 6: 6881->59167 (12:28:04.232 PDT-12:28:58.150 PDT)
129.110.125.51 (4) (12:28:33.444 PDT-12:29:06.729 PDT)
  event=1:2000357 (4) {tcp} E7[info] ET P2P BitTorrent Traffic, [] MAC_Src: 00:21:5A:08:BB:0C 4: 6881->43457 (12:28:33.444 PDT-12:29:06.729 PDT)
134.117.226.180 (2) (12:29:04.889 PDT-12:29:17.631 PDT)
  event=1:2000357 (2) {tcp} E7[info] ET P2P BitTorrent Traffic, [] MAC_Src: 00:21:5A:08:BB:0C 2: 6881->39109 (12:29:04.889 PDT-12:29:17.631 PDT)

PEER COORDINATION
DECLARE BOT Standard Port
DECLARE BOT Non-standard Port

94.23.32.56 (12:31:30.777 PDT)
  event=1:9930020 {udp} E8[unk] ET ShadowServer confirmed botnet control server on non-standard port, [] MAC_Src: 00:21:5A:08:BB:0C 6881->49806 (12:31:30.777 PDT)

DECLARE BOT
OUTBOUND INTENSE MALWARE PORT SCAN

tcpslice 1363807675.213 1363807757.632 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.1.100'