Pattern JUL-AUGI

98 samples (Win2K-f (100%))

Ports
Infection Listen Egg-download
445 (84%)
139 (16%) 135 (100%)
500 (100%)
1026 (100%)
1027 (92%)
1028 (92%) 445 (84%)

Filenames
Processes
ftp.exe (99%)

Snort IDs
1:1390 (100%)
1:99998 (100%)
1:2001944 (84%)
1:3000006 (84%)
1:3003 (81%)

Network chatter
FTP
user=1 (100%)
pass=1 (99%)
destport=1028 (81%)
server=StnyFtpd 0wns j0 (80%)
destIP=10.2.32.201 (47%)
exec=Windows (39%)

Static analysis
MD5
None (99%)