Score:            1.0 (>= 0.8)
Infected Target:  192.168.1.14
Infector List:    <unobserved>
Egg Source List:  <unobserved>
C & C List:       173.208.150.250
Peer Coord. List: <unobserved>
Resource List:    <unobserved>
Observed Start:   06/03/2013 07:28:51.209 PDT
Gen. Time:        06/03/2013 07:29:04.328 PDT


INBOUND SCAN
    <unobserved>
    
EXPLOIT
    <unobserved>
    
EXPLOIT MALWARE DNS
    <unobserved>
    
EGG DOWNLOAD
    <unobserved>
    
C and C TRAFFIC
    173.208.150.250 (07:29:04.328 PDT)
       event=1:2002033 {tcp} E4[rb] ET TROJAN BOT - potential response, [] MAC_Src: 00:01:64:FF:CE:EA
          80->42939 (07:29:04.328 PDT)
       
C and C TRAFFIC (RBN)
    <unobserved>
    
C and C DNS CHECK-IN
    <unobserved>
    
OUTBOUND SKYPE CANDIDATE
    <unobserved>
    
OUTBOUND SCAN (spp)
    <unobserved>
    
OUTBOUND SCAN
    173.208.150.250 (4) (07:28:51.209 PDT)
       event=1:552123 (4) {tcp} E5[rb] REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner, [] MAC_Src: 00:01:64:FF:CE:EA
          80->60095 (07:28:51.209 PDT)
          80->33652 (07:28:53.278 PDT)
          80->35746 (07:28:55.724 PDT)
          80->39255 (07:28:59.720 PDT)
       
ATTACK PREP
    <unobserved>
    
PEER COORDINATION Info
    <unobserved>
    
PEER COORDINATION
    <unobserved>
    
DECLARE BOT Standard Port
    <unobserved>
    
DECLARE BOT Non-standard Port
    <unobserved>
    
DECLARE BOT Local Threat Triggered
    <unobserved>
    
DECLARE BOT
    <unobserved>
    
OUTBOUND INTENSE MALWARE PORT SCAN
    <unobserved>
    
tcpslice 1370269731.209 1370269731.210 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.1.14'

============================== SEPARATOR ================================
Score:            1.0 (>= 0.8)
Infected Target:  192.168.1.14
Infector List:    <unobserved>
Egg Source List:  <unobserved>
C & C List:       173.208.150.250 (9)
Peer Coord. List: <unobserved>
Resource List:    <unobserved>
Observed Start:   06/03/2013 07:28:51.209 PDT
Gen. Time:        06/03/2013 07:32:31.699 PDT


INBOUND SCAN
    <unobserved>
    
EXPLOIT
    <unobserved>
    
EXPLOIT MALWARE DNS
    <unobserved>
    
EGG DOWNLOAD
    <unobserved>
    
C and C TRAFFIC
    173.208.150.250 (9) (07:29:04.328 PDT-07:29:04.330 PDT)
       event=1:2002033 (9) {tcp} E4[rb] ET TROJAN BOT - potential response, [] MAC_Src: 00:01:64:FF:CE:EA
          9: 80->42939 (07:29:04.328 PDT-07:29:04.330 PDT)
       
C and C TRAFFIC (RBN)
    <unobserved>
    
C and C DNS CHECK-IN
    <unobserved>
    
OUTBOUND SKYPE CANDIDATE
    <unobserved>
    
OUTBOUND SCAN (spp)
    <unobserved>
    
OUTBOUND SCAN
    173.208.150.250 (5) (07:28:51.209 PDT)
       event=1:552123 (5) {tcp} E5[rb] REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner, [] MAC_Src: 00:01:64:FF:CE:EA
          80->60095 (07:28:51.209 PDT)
          80->33652 (07:28:53.278 PDT)
          80->35746 (07:28:55.724 PDT)
          80->39255 (07:28:59.720 PDT)
          80->48353 (07:29:10.553 PDT)
       
ATTACK PREP
    <unobserved>
    
PEER COORDINATION Info
    <unobserved>
    
PEER COORDINATION
    <unobserved>
    
DECLARE BOT Standard Port
    <unobserved>
    
DECLARE BOT Non-standard Port
    <unobserved>
    
DECLARE BOT Local Threat Triggered
    <unobserved>
    
DECLARE BOT
    <unobserved>
    
OUTBOUND INTENSE MALWARE PORT SCAN
    <unobserved>
    
tcpslice 1370269731.209 1370269744.331 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 192.168.1.14'

============================== SEPARATOR ================================