Cluster AS
12 samples (Win2K-f (92%))
Ports
Infection
Listen
Egg-download
139 (100%)
135 (100%)
500 (100%)
1026 (100%)
1027 (36%)
139 (100%)
68 (50%)
Snort IDs
1:1390 (100%)
1:3000005 (100%)
1:99998 (100%)
1:5001684 (58%)
1:2001683 (50%)
Network chatter
FTP
pass=1 (100%)
user=1 (100%)
server=fuckFtpd 0wns j0 (73%)
exec=MSNGR32.com (36%)
Static analysis
MD5
diversity: 100.0%
