| Attack port | Ports |
|---|---|
| 445 (100%) | 80 (100%) |

| Drops | Processes |
|---|---|
| cmd.exe (100%)<br>ndisrd.sys (100%)<br>csrss.exe (93%)<br>explorer.exe (93%)<br>lsass.exe (93%)<br>services.exe (93%) | cmd.exe (100%)<br>csrss.exe (93%)<br>explorer.exe (93%)<br>lsass.exe (93%)<br>services.exe (93%)<br>spoolsv.exe (93%) |

| Snort IDs | Snort Egg IDs | Snort Outbound IDs |
|---|---|---|
| 1:22466:7 (66%)<br>1:22000032:6 (65%)<br>1:292000032:99 (65%)<br>1:299913:1 (65%)<br>1:2000032:6 (34%)<br>1:2000032:99 (34%) | 1:3000000:99 (99%)<br>1:2001683:3 (72%)<br>1:5001684:99 (72%) | 555:5555005:1 (100%) |

| Registry keys | Registry values |
|---|---|
| ...windows/currentversion (100%)<br>...currentversion/internetsettings (100%)<br>...internetsettings/zones (100%)<br>...zones/0 (100%)<br>...zones/1 (100%)<br>...zones/2 (100%) | 1601 (100%)<br>@ (100%)<br>iexplore.exe (100%)<br>settings (98%)<br>locked (93%) |

| DNS Lookups | Failed connections | C & C IPs |
|---|---|---|
| :wpad (91%)<br>DE:siliconfireware.ru (65%)<br>US:searchportal.informati... (43%)<br>EU:siliconfireware.ru (27%) | DE:217.11.54.126:80 (75%)<br>EU:78.47.200.154:80 (74%)<br>DE:212.227.111.29:80 (67%) | 85.114.137.60:80 (83%) |

| FTP chatter | HTTP chatter | IRC chatter |
|---|---|---|
| - | - | url=http://ew.egg.com/w.p... (41%)<br>url=http://iliconfireware... (38%) |

| Antivirus labels | Packed MD5 | Unpacked MD5 |
|---|---|---|
| etrust (100%)<br>microsoft (100%)<br>padobot (100%)<br>sophos (100%)<br>berbew (97%)<br>symantec (97%) | a12cab... (50%)<br>df17a6... (27%)<br>diversity: 15.3% | 40f7f4... (50%)<br>9bbdd0... (15%)<br>diversity: 8.5% |