2014-05-24 - FLASHPACK EK FROM 62.212.128.199 - G07A1KXCNP83X1Z21FJVQTW.PARFUMLERI.ORG

PCAP AND MALWARE:

NOTES:

PREVIOUS FLASHPACK EK TRAFFIC ON THIS BLOG:


CHAIN OF EVENTS

ASSOCIATED DOMAINS:

TRAFFIC NOTED:


PRELIMINARY MALWARE ANALYSIS


SNORT EVENTS

SNORT EVENTS FOR THE INFECTION TRAFFIC (from Sguil on Security Onion):

Emerging Threats ruleset

Sourcefire VRT ruleset


FINAL NOTES

Once again, here are links for the associated files:

ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
