| Attack port | Ports |
|---|---|
| 135 (100%) | 69 (88%)<br>707 (88%)<br>1031 (88%)<br>1027 (62%)<br>1034 (38%) |

| Drops |
|---|
| dllhost.exe (81%)<br>explorer.exe (42%)<br>cmd.exe (38%)<br>csrss.exe (38%)<br>lsass.exe (38%)<br>services.exe (38%) |

| Snort IDs | Snort Egg IDs | Snort Outbound IDs |
|---|---|---|
| 1:299913:1 (100%) | 1:1444:3 (100%)<br>1:2008120:1 (100%)<br>1:3001441:1 (100%) | 1:52123:3 (100%) |

| Registry keys | Registry values |
|---|---|
| - | - |

| DNS Lookups | C & C IPs |
|---|---|
| US:download.microsoft.com (86%)<br>US:microsoft.com (86%)<br>:proxim.ircgalaxy.pl (46%) | 72.10.172.211:8080, 67.43.236.66:8080 (50%)<br>67.43.236.66:8080, 72.10.172.211:8080 (33%) |

| HTTP chatter | IRC chatter |
|---|---|
| - | - |

| Antivirus labels | Packed MD5 | Unpacked MD5 |
|---|---|---|
| sophos (91%)<br>authentium (89%)<br>kaspersky (89%)<br>webwasher (89%)<br>fortinet (86%)<br>ikarus (85%) | 53bfe1... (21%)<br>168aab... (6%)<br>diversity: 54.3% | 73f108... (10%)<br>a08f3b... (9%)<br>4c3df2... (8%)<br>diversity: 40.3% |