2014-04-06 - GOON/INFINITY EK

ASSOCIATED FILES:


CHAIN OF EVENTS

ASSOCIATED DOMAINS

INFECTION TRAFFIC


PRELIMINARY MALWARE ANALYSIS

SILVERLIGHT EXPLOIT - CVE-2013-0074

File name:  2014-04-06-Goon-EK-silverlight-exploit.xap
File size:  13.5 KB ( 13802 bytes )
MD5 hash:  7a44e0dc5f7f64385e5c99027e09f86c
Detection ratio:  9 / 51
First submission:  2014-04-05 11:11:25 UTC
VirusTotal link:  https://www.virustotal.com/en/file/e78064ebee0249fdd98bea2ad8574719266b67feca9491d9375ff3d69f86d539/analysis/


JAVA EXPLOIT - CVE-2013-2465

File name:  2014-04-06-Goon-EK-java-exploit.jar
File size:  10.5 KB ( 10798 bytes )
MD5 hash:  4c89da4a9a79a2f8e4550bffb22ab8d7
Detection ratio:  4 / 51
First submission:  2014-04-06 02:59:27 UTC
VirusTotal link:  https://www.virustotal.com/en/file/0379eacf34483452bfb564e6576e6e3140d1e9b52f978ee62921c2d307bd93e8/analysis/1396753167/


MALWARE PAYLOAD

File name:  2014-04-06-Goon-EK-malware-payload.exe
File size:  136.5 KB ( 139776 bytes )
MD5 hash:  ed025cbe6c89c599d8cea579ab3182c3
Detection ratio:  3 / 50
First submission:  2014-04-06 02:10:01 UTC
VirusTotal link:  https://www.virustotal.com/en/file/a8493d2c2ef6140f374fe405f7c6225528f08b43a63e66b310880ef07642ebf3/analysis/
Malwr link:  https://malwr.com/analysis/YWVhNWE0MzI5N2Q1NDUwNzkzZDc1MTQzYWEzZDQ2N2Y/


SNORT EVENTS

SNORT EVENTS FROM THE INFECTION TRAFFIC (from Sguil on Security Onion)


FINAL NOTES

Once again, here are links for the associated files:

ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.