Cluster AI
24 samples (Win2K-f (54%), WinXP (46%))
Ports
Infection
Listen
Egg-download
135 (54%)
445 (21%)
139 (12%)
135 (88%)
500 (81%)
1026 (81%)
1027 (29%)
1028 (29%)
Filenames
Processes
Executables
MSMSGS.EXE (46%)
index.dat (100%)
o (27%)
Snort IDs
1:2001684 (100%)
1:99913 (62%)
1:1390 (29%)
1:99998 (29%)
Network chatter
FTP
server=- (75%)
pass=1 (58%)
user=1 (58%)
exec=Tilecomfc.com (25%)
Static analysis
MD5
Antivirus labels
2aa59b... (100%)
diversity: 4.2%
bvpz (100%)
delf (100%)
eggdrop (100%)
generic4 (100%)
linkbot (100%)
ms06040 (100%)