| Attack port | Ports |
|---|---|
| 445 (76%) | 1035 (30%) |
| 135 (23%) | |
| Drops | Processes |
|---|---|
| agentsvr.exe (100%) | cmd.exe (99%) |
| cacls.exe (100%) | spoolsv.exe (83%) |
| calc.exe (100%) | explorer.exe (82%) |
| charmap.exe (100%) | csrss.exe (81%) |
| chkntfs.exe (100%) | lsass.exe (81%) |
| cidaemon.exe (100%) | services.exe (81%) |
| Snort IDs | Snort Egg IDs | Snort Outbound IDs |
|---|---|---|
| 1:299913:1 (66%) | 1:5001684:99 (62%) | 1:52123:3 (73%) |
| 1:22000032:6 (44%) | 1:2001683:3 (41%) | |
| 1:22466:7 (44%) | 1:3000003:99 (37%) | |
| 1:292000032:99 (44%) | 1:3000000:99 (28%) | |
| Registry keys | Registry values |
|---|---|
| ...currentversion/runservices (48%) | id (35%) |
| ...currentversion/runonce (41%) | |
| ...currentversion/runonce (41%) | |
| ...microsoft/wireless (29%) | |
| DNS Lookups | Failed connections | C & C IPs |
|---|---|---|
| :proxim.ircgalaxy.pl (45%) | DE:85.114.137.60:65520 (29%) | 85.114.137.60:65520 (26%) |
| DE:proxim.ircgalaxy.pl (34%) | | 69.247.147.113:13001 (13%) |
| | | 210.245.211.11:65520 (12%) |
| | | 85.114.137.60:80 (9%) |
| | | 222.177.11.165:7000 (7%) |
| | | 211.96.97.44:7000 (6%) |
| FTP chatter | HTTP chatter |
|---|---|
| user=a (94%) | version=1.0 (100%) |
| pass=a (80%) | UA=mozilla/4.0 (70%) |
| exec=msnmanegers.exe (26%) | filename=/x.exe (70%) |
| Antivirus labels | Packed MD5 | Unpacked MD5 |
|---|---|---|
| webwasher (100%) | 3f5ec5... (5%), diversity: 77.0% | 4a7743... (5%), diversity: 58.3% |
| sophos (98%) | | |
| virut (98%) | | |
| fortinet (92%) | | |
| etrust (91%) | | |
| virutas (87%) | | |