| Attack port | Ports |
|---|---|
| 135 (100%) | - |

| Drops | Processes |
|---|---|
| cmd.exe (98%), csrss.exe (98%), explorer.exe (98%), lsass.exe (98%), services.exe (98%), spoolsv.exe (98%) | cmd.exe (98%), csrss.exe (98%), explorer.exe (98%), lsass.exe (98%), services.exe (98%), spoolsv.exe (98%) |

| Snort IDs | Snort Egg IDs | Snort Outbound IDs |
|---|---|---|
| 1:299913:1 (92%) | 1:1444:3 (100%), 1:3001441:1 (100%), 1:2008120:1 (92%) | 1:52123:3 (100%) |

| Registry keys | Registry values |
|---|---|
| - | - |

| Failed connections | C & C IPs |
|---|---|
| - | - |

| FTP chatter | HTTP chatter | IRC chatter |
|---|---|---|
| - | - | - |

| Antivirus labels | Packed MD5 | Unpacked MD5 |
|---|---|---|
| ikarus (83%), authentium (75%), fortinet (75%), kaspersky (75%), sophos (75%), webwasher (75%) | diversity: 88.9% | diversity: 80.0% |