Score: 0.8 (>= 0.8) Infected Target: 130.107.159.32 Infector List: 201.64.79.22 Egg Source List: 201.64.79.22 C & C List: Peer Coord. List: Resource List: Observed Start: 01/21/2009 10:47:47.633 PST Gen. Time: 01/21/2009 10:47:49.271 PST INBOUND SCAN EXPLOIT 201.64.79.22 (10:47:47.633 PST) event=1:22466 {tcp} E2[rb] NETBIOS SMB-DS IPC$ unicode share access 445<-2020 (10:47:47.633 PST) EXPLOIT (slade) EGG DOWNLOAD 201.64.79.22 (2) (10:47:49.271 PST) event=1:2001683 {tcp} E3[rb] BLEEDING-EDGE Malware Windows executable sent from remote host 1028<-1517 (10:47:49.271 PST) ------------------------- event=1:5001684 {tcp} E3[rb] BotHunter Malware Windows executable (PE) sent from remote host 1028<-1517 (10:47:49.271 PST) C and C TRAFFIC PEER COORDINATION OUTBOUND SCAN ATTACK PREP DECLARE BOT tcpslice 1232563667.633 1232563667.634 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 130.107.159.32' ============================== SEPARATOR ================================