Cluster AH
27 samples (Win2K-f (74%), WinXP (26%))
Ports
Infection
Listen
Egg-download
Upload
135 (100%)
135 (95%)
500 (91%)
1026 (91%)
69 (32%)
69 (100%)
1028 (48%)
1027 (30%)
Filenames
Processes
Executables
MSMSGS.EXE (50%)
index.dat (83%)
random 7 character filename
Registry keys
...CurrentVersion\RunServices (100%)
...CurrentVersion\Run (60%)
...InternetSettings\5.0 (60%)
Snort IDs
1:1444 (100%)
1:3001441 (100%)
1:99913 (100%)
Network chatter
C&C
67.43.236.68 (7%)
Static analysis
MD5
diversity: N/A