Cluster D

Ports	Infection Listen Egg-download Upload 445 (70%) 113 (99%) 3067 (99%) 1032 (65%) 1031 (35%) 1032 (54%) 1031 (26%)
Filenames	Processes Executables MSMSGS.EXE (100%) random 5/6/7/8 character filename ftpupd.exe (100%) random 5/6/7/8 character filename
Registry keys	...Microsoft\Wireless (100%) full list
Snort IDs	1:2000032 (100%) 1:2000033 (100%) 1:2466 (100%) 1:99913 (100%) 1:2001683 (100%) 1:5001684 (100%) full list
Static analysis	MD5 Antivirus labels Domain 7f6016... (71%) 042774... (7%) 492957... (5%) diversity: 4.4% full list korgo (100%) padobot (100%) ircbot (71%) sdbot (71%) lsabot (28%) brussels.be.eu.undernet.o... (100%) caen.fr.eu.undernet.org (100%) flanders.be.eu.undernet.o... (100%) gaspode.zanet.org.za (100%) graz.at.eu.undernet.org (100%) lia.zanet.net (100%) full list