| Attack port | Ports |
---|
135 (100%) | - |
|
| Drops | Processes |
---|
cmd.exe (98%)
csrss.exe (98%)
explorer.exe (98%)
lsass.exe (98%)
services.exe (98%)
spoolsv.exe (98%)full list | cmd.exe (98%)
csrss.exe (98%)
explorer.exe (98%)
lsass.exe (98%)
services.exe (98%)
spoolsv.exe (98%)full list |
|
| Snort IDs | Snort Egg IDs | Snort Outbound IDs |
---|
1:299913:1 (92%) | 1:1444:3 (100%)
1:3001441:1 (100%)
1:2008120:1 (92%) | 1:52123:3 (100%) |
|
| Registry keys | Registry values |
---|
- | - |
|
| Failed connections | C & C IPs |
---|
- | - |
|
| FTP chatter | HTTP chatter | IRC chatter |
---|
- | - | - |
|
| Antivirus labels | Packed MD5 | Unpacked MD5 |
---|
ikarus (83%)
authentium (75%)
fortinet (75%)
kaspersky (75%)
sophos (75%)
webwasher (75%)full list | diversity: 88.9%
| diversity: 80.0%
|
|