Pattern JUL-AUGH

166 samples (Win2K-f (99%))


Ports
Infection | Listen | Egg-download | Upload
445 (100%)

135 (99%)
500 (99%)
1026 (99%)
44445 (98%)
1027 (44%)
1028 (44%)
68 (25%)

44445 (98%)
Filenames
Processes
ftp.exe (93%)
Snort IDs
1:2000032 (100%)
1:2466 (100%)
1:3000004 (100%)
1:2000046 (99%)
1:99906 (99%)
1:5001684 (28%)


Network chatter
FTP
user=a (97%)
pass=a (96%)
exec=resource32w.exe (94%)
server=WinFtpd 1.2 (87%)
destport=1028 (53%)
Static analysis
MD5
None (98%)
Antivirus labels
biww (100%)
ircbot (100%)
mybot (100%)
rbot (100%)
robobot (100%)
spybot (100%)
