2014-06-12 - CVE-2014-0515 EXPLOIT FROM SWEET ORANGE EK - 82.118.17.172 PORT 16122 - IMG.BLUEPRINT-LEGAL.COM:16122

ASSOCIATED FILES:

NOTES:


CHAIN OF EVENTS

NOTE: No Java exploit was sent in response to the requests for a JAR file; only the Flash exploit and the payload were delivered.


PRELIMINARY MALWARE ANALYSIS

FLASH EXPLOIT

File name:  2014-06-12-Sweet-Orange-EK-flash-exploit.swf
File size:  3.7 KB ( 3738 bytes )
MD5 hash:  4e2a9652c42f52c369204dc8818eb434
Detection ratio:  1 / 54
First submission:  2014-06-13 06:35:53 UTC
VirusTotal link:  https://www.virustotal.com/en/file/d2bc28e651184a2f251b0cb799f5a10ab2cf5030ebd33bd535898e23b58da694/analysis/


MALWARE PAYLOAD

File name:  2014-06-12-Sweet-Orange-EK-malware-payload.exe
File size:  256.0 KB ( 262144 bytes )
MD5 hash:  280f0c567eaaef776b95c53dede9e934
Detection ratio:  23 / 53
First submission:  2014-06-11 20:58:39 UTC
VirusTotal link:  https://www.virustotal.com/en/file/b47b52fa525cd43ddfbdec9b5c7cb911352d339a44662e6c2ada1a8db04db1a7/analysis/
Malwr link:  https://malwr.com/analysis/YTNhNGI1NTcwNjFkNGJjM2ExOGI5NjQ5MDU1NDFlMTE/


SNORT EVENTS

No Snort events were noted: the traffic took place on TCP port 16122, a non-standard port for HTTP, so rules scoped to the standard HTTP ports (the $HTTP_PORTS variable and the port list of the http_inspect preprocessor, which normalizes traffic for http_* content modifiers) never saw it as HTTP.  Adding the port to that list, or keying detection on the HTTP request itself rather than the port, is what it takes to catch this kind of traffic.
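The following is an added example, not part of the original post or of any Snort rule set: a small port-agnostic check that identifies an HTTP request by its request line rather than its destination port, flags the destination when it matches the host, IP, or port listed in this post, and recognizes a SWF file in the response body by its FWS/CWS/ZWS magic, comparing the body's MD5 against the two hashes above.  The request, headers, URI path and the SWF bytes in the sample flow are constructed for illustration and are not the real captured traffic.

```python
import hashlib
import re

# Indicators taken from this post (title and file hashes above).
IOC_HOST = "img.blueprint-legal.com"
IOC_IP = "82.118.17.172"
IOC_PORT = 16122
IOC_MD5 = {
    "4e2a9652c42f52c369204dc8818eb434": "Sweet Orange EK Flash exploit (CVE-2014-0515)",
    "280f0c567eaaef776b95c53dede9e934": "Sweet Orange EK malware payload",
}
STANDARD_HTTP_PORTS = {80, 8080}
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")  # uncompressed, zlib-compressed, LZMA-compressed SWF

REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD) (\S+) HTTP/1\.[01]\r\n")
STATUS_LINE = re.compile(rb"^HTTP/1\.[01] (\d{3})")


def _split_headers(head):
    """Parse 'Name: value' lines after the first line into a lower-cased dict."""
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers


def parse_http_request(payload):
    """Return (method, uri, headers) if the payload starts with an HTTP request line."""
    m = REQUEST_LINE.match(payload)
    if not m:
        return None
    head = payload.split(b"\r\n\r\n", 1)[0]
    return m.group(1).decode(), m.group(2).decode(), _split_headers(head)


def parse_http_response(payload):
    """Return (status, headers, body) if the payload starts with an HTTP status line."""
    m = STATUS_LINE.match(payload)
    if not m:
        return None
    head, _, body = payload.partition(b"\r\n\r\n")
    return int(m.group(1)), _split_headers(head), body


def inspect_flow(dst_ip, dst_port, client_payload, server_payload):
    """Port-agnostic check of one TCP flow; returns a list of finding tags."""
    findings = []
    req = parse_http_request(client_payload)
    if req is None:
        return findings  # not HTTP at all (TLS, raw binary, ...)
    method, uri, headers = req
    if dst_port not in STANDARD_HTTP_PORTS:
        findings.append(f"http-nonstandard-port:{dst_port}")
    # Strip any ':port' suffix from the Host header before comparing.
    host = headers.get("host", "").split(":")[0].lower()
    if host == IOC_HOST or dst_ip == IOC_IP or dst_port == IOC_PORT:
        findings.append(f"sweet-orange-host:{host or dst_ip}")
    resp = parse_http_response(server_payload)
    if resp:
        status, _rheaders, body = resp
        if status == 200 and body[:3] in SWF_MAGICS:
            findings.append("swf-download:" + uri)
            label = IOC_MD5.get(hashlib.md5(body).hexdigest())
            if label:
                findings.append("known-sample:" + label)
    return findings


# Constructed sample flow (not the real capture): a request to the EK host on
# port 16122 answered with a stub SWF whose only valid part is the FWS magic.
SAMPLE_CLIENT = (b"GET /constructed-sample.swf HTTP/1.1\r\n"
                 b"Host: img.blueprint-legal.com:16122\r\n"
                 b"User-Agent: Mozilla/5.0\r\n\r\n")
SAMPLE_SERVER = (b"HTTP/1.1 200 OK\r\n"
                 b"Content-Type: application/x-shockwave-flash\r\n"
                 b"Content-Length: 14\r\n\r\n"
                 b"FWS\x0a\x0e\x00\x00\x00" + b"\x00" * 6)

if __name__ == "__main__":
    for tag in inspect_flow(IOC_IP, IOC_PORT, SAMPLE_CLIENT, SAMPLE_SERVER):
        print(tag)
```

The hash comparison will only fire on the real samples, since the stub SWF above is a placeholder; the other checks do not depend on the port, which is the point this capture makes.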


HIGHLIGHTS FROM THE TRAFFIC

Sweet Orange EK delivers CVE-2014-0515 Flash exploit:


Payload delivered after successful CVE-2014-0515 exploit:


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
