Cluster R
88 samples (Win2K-f (58%), WinXP (42%))
Ports
Infection
Listen
Egg-download
445 (56%)
1028 (61%)
135 (58%)
500 (58%)
1026 (58%)
1027 (58%)
1032 (42%)
full list
445 (71%)
68 (25%)
Filenames
Processes
Executables
ftp.exe (100%)
MSMSGS.EXE (42%)
index.dat (100%)
o (62%)
ii (38%)
Snort IDs
1:1390 (82%)
1:99998 (82%)
1:2001944 (71%)
1:3000006 (71%)
1:3003 (67%)
1:2001683 (36%)
full list
Network chatter
FTP
pass=1 (76%)
user=1 (76%)
server=StnyFtpd 0wns j0 (45%)
Static analysis
MD5
diversity: 100.0%