Pattern JUL-AUGF

149 samples (WinXP (100%))

Ports
Infection Listen Egg-download
445 (81%)
139 (19%) 1032 (99%)
1033 (89%) 445 (71%)

Filenames
Processes Executables
MSMSGS.EXE (100%)
ftp.exe (79%) index.dat (100%)
o (86%)

Snort IDs
1:1390 (90%)
1:99998 (90%)
1:2001944 (71%)
1:3000006 (71%)
1:3003 (70%)

Network chatter
FTP
pass=1 (100%)
user=1 (100%)
destport=1033 (87%)
server=StnyFtpd 0wns j0 (73%)
exec=Windows (38%)
destIP=10.2.32.214 (32%)

Static analysis
MD5 Antivirus labels
None (98%) sdbot (100%)
rbot (67%)