# Labelling rules: each line pairs a filter over log fields (s-port, c-ip, s-ip,
# sc-http-status, cs-url) with the label given to records that match it.
# NOTE(review): the specific rules come before the two catch-alls at the end, which
# suggests the first matching rule wins. Confirm against the labelling tool before
# reordering or inserting rules.

# C&C channels: port-80 HTTP from 10.0.2.106 to three server IPs (CC1, CC2, CC3).
# A 200 response gets the channel label; any other status gets the "-Attempt" variant.
filter="s-port=80 and c-ip=10.0.2.106 and s-ip=95.211.9.145 and sc-http-status=200" label="From-Botnet-V1-CC1-HTTP-Custom-Encryption"
filter="s-port=80 and c-ip=10.0.2.106 and s-ip=95.211.9.145 and sc-http-status!=200" label="From-Botnet-V1-CC1-HTTP-Custom-Encryption-Attempt"
filter="s-port=80 and c-ip=10.0.2.106 and s-ip=212.124.126.66 and sc-http-status=200" label="From-Botnet-V1-CC2-HTTP-Custom-Encryption"
filter="s-port=80 and c-ip=10.0.2.106 and s-ip=212.124.126.66 and sc-http-status!=200" label="From-Botnet-V1-CC2-HTTP-Custom-Encryption-Attempt"
filter="s-port=80 and c-ip=10.0.2.106 and s-ip=194.28.87.64 and sc-http-status=200" label="From-Botnet-V1-CC3-HTTP-Custom-Encryption"
filter="s-port=80 and c-ip=10.0.2.106 and s-ip=194.28.87.64 and sc-http-status!=200" label="From-Botnet-V1-CC3-HTTP-Custom-Encryption-Attempt"

# Normal Windows traffic (the label names msftncsi).
# NOTE(review): this rule keys on destination IP and port only, with no cs-url or
# status condition, so every port-80 request from 10.0.2.106 to that address is
# labelled Normal. Confirm the address serves nothing else in this capture.
filter="s-port=80 and c-ip=10.0.2.106 and s-ip=66.171.231.15" label="Normal-Windows-msftncsi"

# Google: port-80 requests from 10.0.2.106 whose URL matches google.com or google.cz.
# NOTE(review): the cs-url=.exe rules further down suggest cs-url is a substring match.
# If so, these rules also match any URL that merely contains the domain text (a query
# string, a look-alike hostname). Confirm how cs-url is compared.
# There is no status-200 rule for google.com, so under first-match ordering (TODO
# confirm) those records fall through to the From-Botnet-V1 default.
filter="s-port=80 and sc-http-status=302 and c-ip=10.0.2.106 and cs-url=google.com" label="From-Botnet-V1-google.com-redirecting-to-other-site"
filter="s-port=80 and sc-http-status=200 and c-ip=10.0.2.106 and cs-url=google.cz" label="From-Botnet-V1-google.cz"
filter="s-port=80 and sc-http-status=302 and c-ip=10.0.2.106 and cs-url=google.cz" label="From-Botnet-V1-google.cz-redirecting-to-other-site"

# Bing: same pattern as the Google rules, for status 302 and 200.
filter="s-port=80 and sc-http-status=302 and c-ip=10.0.2.106 and cs-url=bing.com" label="From-Botnet-V1-bing.com-redirecting-to-other-site"
filter="s-port=80 and sc-http-status=200 and c-ip=10.0.2.106 and cs-url=bing.com" label="From-Botnet-V1-bing.com"

# Binary downloads? (heuristic: the URL matches ".exe"; 200 = download, otherwise attempt)
# Unlike the rules above, these carry no s-port condition.
# NOTE(review): if the first match wins, a .exe request to one of the C&C IPs on port 80
# is labelled as C&C traffic and never reaches these rules. Confirm this is intended.
filter="c-ip=10.0.2.106 and cs-url=.exe and sc-http-status=200" label="From-Botnet-V1-binary-download"
filter="c-ip=10.0.2.106 and cs-url=.exe and sc-http-status!=200" label="From-Botnet-V1-binary-download-attempt"

# Default for the botnet host: any remaining record with c-ip=10.0.2.106.
filter="c-ip=10.0.2.106" label="From-Botnet-V1"

# Default: empty filter, presumably matching every record not labelled above.
filter="" label="Background"