Score: 0.8 (>= 0.8)
Infected Target: 192.168.1.102
Infector List:
Egg Source List:
C & C List:
Peer Coord. List: 200.19.159.35, 139.19.158.227 (3), 192.107.171.145 (3), 145.99.179.147, 128.187.223.212, 193.63.75.20, 204.8.155.226, 128.208.4.199 (2), 83.230.127.122 (3), 200.129.132.18
Resource List:
Observed Start: 03/25/2013 09:18:51.444 PDT
Gen. Time: 03/25/2013 09:22:04.426 PDT

INBOUND SCAN
EXPLOIT
EXPLOIT MALWARE DNS
EGG DOWNLOAD
C and C TRAFFIC
C and C TRAFFIC (RBN)
C and C DNS CHECK-IN
OUTBOUND SKYPE CANDIDATE
OUTBOUND SCAN (spp)
OUTBOUND SCAN
ATTACK PREP
PEER COORDINATION
  Info
  200.19.159.35 (09:19:11.723 PDT)
    event=1:2000334 {tcp} E7[info] ET P2P BitTorrent peer sync, [] MAC_Src: 00:21:5A:08:EC:40
    52768->6881 (09:19:11.723 PDT)
  139.19.158.227 (3) (09:18:56.490 PDT-09:19:07.107 PDT)
    event=1:2000334 {tcp} E7[info] ET P2P BitTorrent peer sync, [] MAC_Src: 00:21:5A:08:EC:40
    6881->59127 (09:19:20.131 PDT)
    -------------------------
    event=1:2000357 (2) {tcp} E7[info] ET P2P BitTorrent Traffic, [] MAC_Src: 00:21:5A:08:EC:40
    2: 6881->59127 (09:18:56.490 PDT-09:19:07.107 PDT)
  192.107.171.145 (3) (09:18:51.444 PDT-09:19:13.133 PDT)
    event=1:2000357 (3) {tcp} E7[info] ET P2P BitTorrent Traffic, [] MAC_Src: 00:21:5A:08:EC:40
    3: 6881->39275 (09:18:51.444 PDT-09:19:13.133 PDT)
  145.99.179.147 (09:18:52.023 PDT)
    event=1:2000334 {tcp} E7[info] ET P2P BitTorrent peer sync, [] MAC_Src: 00:21:5A:08:EC:40
    6881->59560 (09:18:52.023 PDT)
  128.187.223.212 (09:19:32.676 PDT)
    event=1:2000334 {tcp} E7[info] ET P2P BitTorrent peer sync, [] MAC_Src: 00:21:5A:08:EC:40
    60853->6881 (09:19:32.676 PDT)
  193.63.75.20 (09:19:29.873 PDT)
    event=1:1100013 {udp} E7[info] P2P torrent DHT ping, [] MAC_Src: 00:21:5A:08:EC:40
    6881->6881 (09:19:29.873 PDT)
  204.8.155.226 (09:19:19.397 PDT)
    event=1:2000334 {tcp} E7[info] ET P2P BitTorrent peer sync, [] MAC_Src: 00:21:5A:08:EC:40
    6881->53831 (09:19:19.397 PDT)
  128.208.4.199 (2) (09:19:18.778 PDT-09:19:32.756 PDT)
    event=1:2000357 (2) {tcp} E7[info] ET P2P BitTorrent Traffic, [] MAC_Src: 00:21:5A:08:EC:40
    2: 6881->41514 (09:19:18.778 PDT-09:19:32.756 PDT)
  83.230.127.122 (3) (09:19:16.000 PDT-09:19:41.471 PDT)
    event=1:2000357 (3) {tcp} E7[info] ET P2P BitTorrent Traffic, [] MAC_Src: 00:21:5A:08:EC:40
    3: 6881->50674 (09:19:16.000 PDT-09:19:41.471 PDT)
  200.129.132.18 (09:19:32.878 PDT)
    event=1:2000334 {tcp} E7[info] ET P2P BitTorrent peer sync, [] MAC_Src: 00:21:5A:08:EC:40
    42584->6881 (09:19:32.878 PDT)
PEER COORDINATION
DECLARE BOT
  Standard Port
DECLARE BOT
  Non-standard Port
  195.128.181.52 (09:22:04.426 PDT)
    event=1:9930020 {udp} E8[unk] ET ShadowServer confirmed botnet control server on non-standard port, [] MAC_Src: 00:21:5A:08:EC:40
    6881->61086 (09:22:04.426 PDT)
DECLARE BOT
OUTBOUND INTENSE MALWARE PORT SCAN

tcpslice 1364228331.444 1364228381.472 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.1.102'

============================== SEPARATOR ================================