Pattern I

90 samples (mostly Win2K-f)


Ports
Infection     Listen        Egg-download
usually 445   135 (97%)
              500 (97%)
              1026 (97%)
              445 (93%)
              68 (54%)
Snort IDs
1:1390 (100%)
1:99998 (100%)
1:2001944 (94%)
1:3000006 (93%)
1:3003 (89%)
1:5001684 (59%)
1:2001683 (57%)
Network chatter
FTP
pass=1 (77%)
user=1 (77%)
server=StnyFtpd 0wns j0 (62%)
Static analysis
MD5
always None