Cluster V

72 samples (WinXP (100%))


Ports
Infection / Listen / Egg-download / Upload
1033 (28%)
1034 (24%)
445 (19%)
9996 (100%)
5554 (62%)
445 (29%)
9996 (100%)
9996 (84%)
Filenames
Processes / Executables
MSMSGS.EXE (100%)
dwwin.exe (39%)

random 7/8 character filename
index.dat (100%)
avserve2.exe (62%)

random 7/8 character filename
Registry keys
...Reliability\UserDefined (100%)

Snort IDs
1:2000047 (100%)
1:2466 (100%)
1:99913 (100%)
1:3000004 (84%)
1:2001056 (73%)
Network chatter
FTP
user=anonymous (100%)
pass=bin (94%)
server=OK (87%)
Static analysis
MD5 / Antivirus labels
831f4e... (40%)
1a2c0e... (19%)

diversity: 10.4%

sasser (100%)
corr (92%)
jobaka (90%)