| Attack port | Ports |
|---|---|
| 445 (100%) | 5554 (100%)<br>9996 (100%)<br>445 (67%)<br>4858 (50%)<br>1041 (33%)<br>1050 (33%) |

| Processes |
|---|
| cmd.exe (86%)<br>csrss.exe (86%)<br>explorer.exe (86%)<br>lsass.exe (86%)<br>services.exe (86%)<br>spoolsv.exe (86%)<br>random 8 character filename |

| Snort IDs | Snort Egg IDs | Snort Outbound IDs |
|---|---|---|
| 1:22466:7 (76%)<br>1:299913:1 (76%)<br>1:22001056:5 (41%) | 1:31000004:99 (60%)<br>1:2001683:3 (55%)<br>1:5001684:99 (55%)<br>1:2000047:4 (41%) | 1:52123:3 (58%)<br>555:5555005:1 (35%)<br>1:2001569:11 (34%) |

| Registry keys | Registry values |
|---|---|
| - | - |

| DNS Lookups | Failed connections | C & C IPs |
|---|---|---|
| :proxim.ircgalaxy.pl (31%)<br>DE:proxim.ircgalaxy.pl (25%) | DE:85.114.137.60:65520 (57%) | - |

| FTP chatter | HTTP chatter | IRC chatter |
|---|---|---|
| pass=bin (100%)<br>user=anonymous (72%) | - | - |

| Antivirus labels | Packed MD5 | Unpacked MD5 |
|---|---|---|
| _sasser (100%)<br>etrust (100%)<br>ewido (100%)<br>ikarus (100%)<br>kaspersky (100%)<br>webwasher (100%) | 831f4e... (28%)<br>1a2c0e... (22%)<br>741e3b... (20%)<br>03f912... (6%)<br>diversity: 13.3% | eb7546... (28%)<br>048df7... (22%)<br>e0197e... (20%)<br>83893b... (6%)<br>diversity: 5.1% |