botHunterResults_20140717_113809


Score: 0.9 (>= 0.8)
Infected Target: 129.173.67.123
Infector List: 46.29.152.74
Egg Source List:
C & C List:
Peer Coord. List:
Resource List:
Observed Start: 07/17/2014 11:38:18.693 ADT
Gen. Time: 07/17/2014 11:38:18.714 ADT

INBOUND SCAN
EXPLOIT
    46.29.152.74 (11:38:18.714 ADT)
    event=1:2013497 {tcp} E2[rb] ET TROJAN MS Terminal Server User A Login, possible Morto inbound,
    [] MAC_Dst: 00:1E:8C:F5:62:6F
    338980 (11:38:18.693 ADT)
DECLARE BOT Non-standard Port DECLARE BOT OUTBOUND INTENSE MALWARE PORT SCAN

tcpslice 1405607898.693 1405607898.694 inputFile.tcpd | tcpdump -r - -w outputFile.tcpd 'host 129.173.67.123'

============================== SEPARATOR ================================

Score: 0.9 (>= 0.8)
Infected Target: 129.173.67.123
Infector List: 46.29.152.74
Egg Source List:
C & C List:
Peer Coord. List:
Resource List:
Observed Start: 07/17/2014 11:38:18.693 ADT
Report End: 07/17/2014 11:38:22.959 ADT
Gen. Time: 07/17/2014 11:38:22.959 ADT

INBOUND SCAN
EXPLOIT
    46.29.152.74 (15) (11:38:18.714 ADT-11:38:22.959 ADT)
    event=1:2013497 (15) {tcp} E2[rb] ET TROJAN MS Terminal Server User A Login, possible Morto inbound,
    [] MAC_Dst: 00:1E:8C:F5:62:6F
    5: 3389