2014-06-19 - NUCLEAR EK FROM 5.135.28.118 - 2624633428-6.DISBARMENTSCORE.CO7.US

ASSOCIATED FILES:

NOTES:


CHAIN OF EVENTS

ASSOCIATED DOMAINS:

AD TRAFFIC REDIRECTING TO NUCLEAR EK:

NUCLEAR EK:


PRELIMINARY MALWARE ANALYSIS

FLASH EXPLOIT

File name:  2014-06-19-Nuclear-EK-flash-exploit.swf
File size:  4.0 KB ( 4062 bytes )
MD5 hash:  f95006970f34a6ca5bcd0b32b92dd48d
Detection ratio:  5 / 54
First submission:  2014-06-18 09:07:19 UTC
VirusTotal link:  https://www.virustotal.com/en/file/179c76bab67a75911b537abcb968cbd7ccbe42f212eab5d91b484ac24432064a/analysis/

NOTE: 3 of the 5 antivirus engines that flag this file in the VirusTotal entry identify the Flash exploit as CVE-2014-0515


JAVA EXPLOIT

File name:  2014-06-19-Nuclear-EK-java-exploit.jar
File size:  4.0 KB ( 4062 bytes )
MD5 hash:  f9c0027ccaeefa616e392132b02fbce7
Detection ratio:  2 / 54
First submission:  2014-06-19 00:22:49 UTC
VirusTotal link:  https://www.virustotal.com/en/file/69bf8fdc5510b6ee3c624d5b58043466aebb3301e1ae9ce96f66d7abc883c4fe/analysis/


MALWARE PAYLOAD

File name:  2014-06-19-Nuclear-EK-malware-payload.exe
File size:  217.0 KB ( 222208 bytes )
MD5 hash:  87223f535afd8b11dd79c6f39fc059d9
Detection ratio:  4 / 52
First submission:  2014-06-19 16:40:18 UTC
VirusTotal link:  https://www.virustotal.com/en/file/0282b70848a917cdeb0900ae67ba12fd051c6b147484e34b312198183a12b7b1/analysis/
Malwr link:  https://malwr.com/analysis/YTQzM2M0ZGY3ZGNjNGFlZmFhMzAxODViY2JhYjIwM2Y/
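The three file records above give a size, an MD5 and a VirusTotal link (whose URL path carries the file's SHA-256). The script below is an added example, not part of the original post, for turning those records into a local indicator check: it hashes a file the same way, matches on either digest, and reports the size comparison separately so that a transcription slip in one of the listed values is visible rather than silently hiding a hit. All indicator values are copied from this page; the sample input in the test is constructed and matches nothing.

```python
import hashlib
import re

# Indicators copied from this page's preliminary malware analysis section.
# SHA-256 values are not listed as such; they come from the VirusTotal links,
# whose path component is the file's SHA-256.
IOC_FILES = [
    {
        "name": "2014-06-19-Nuclear-EK-flash-exploit.swf",
        "size": 4062,
        "md5": "f95006970f34a6ca5bcd0b32b92dd48d",
        "vt": "https://www.virustotal.com/en/file/179c76bab67a75911b537abcb968cbd7ccbe42f212eab5d91b484ac24432064a/analysis/",
    },
    {
        "name": "2014-06-19-Nuclear-EK-java-exploit.jar",
        "size": 4062,
        "md5": "f9c0027ccaeefa616e392132b02fbce7",
        "vt": "https://www.virustotal.com/en/file/69bf8fdc5510b6ee3c624d5b58043466aebb3301e1ae9ce96f66d7abc883c4fe/analysis/",
    },
    {
        "name": "2014-06-19-Nuclear-EK-malware-payload.exe",
        "size": 222208,
        "md5": "87223f535afd8b11dd79c6f39fc059d9",
        "vt": "https://www.virustotal.com/en/file/0282b70848a917cdeb0900ae67ba12fd051c6b147484e34b312198183a12b7b1/analysis/",
    },
]

_VT_SHA256 = re.compile(r"/file/([0-9a-fA-F]{64})/")


def sha256_from_vt_link(url):
    """Return the SHA-256 embedded in a VirusTotal file URL (lowercase), or None."""
    m = _VT_SHA256.search(url)
    return m.group(1).lower() if m else None


def fingerprint(data):
    """Size, MD5 and SHA-256 of a byte string: the three values the page records."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_digests(fp):
    """Compare a fingerprint dict against the page's indicators.

    Returns a list of (ioc_name, matched_on, size_consistent). A hit on either
    digest counts as a match; the size check is reported alongside rather than
    used as a filter, so a digest hit with a mismatching listed size still shows.
    """
    hits = []
    for ioc in IOC_FILES:
        matched_on = None
        if fp["md5"].lower() == ioc["md5"].lower():
            matched_on = "md5"
        elif fp["sha256"].lower() == sha256_from_vt_link(ioc["vt"]):
            matched_on = "sha256"
        if matched_on:
            hits.append((ioc["name"], matched_on, fp["size"] == ioc["size"]))
    return hits


def match_bytes(data):
    """Hash raw file contents and look them up against the indicators."""
    return match_digests(fingerprint(data))


def match_path(path):
    """Read a file from disk and match it; reads whole file, fine for small samples."""
    with open(path, "rb") as f:
        return match_bytes(f.read())


if __name__ == "__main__":
    import sys

    for p in sys.argv[1:]:
        hits = match_path(p)
        if not hits:
            print(f"{p}: no match against the listed indicators")
        for name, how, size_ok in hits:
            status = "consistent" if size_ok else "MISMATCH"
            print(f"{p}: matches {name} on {how}; listed size {status}")
```

Run it as `python check_iocs.py <file> ...` against files carved from a pcap or pulled from a sandbox. Matching on MD5 alone is enough for a known-sample check, but the SHA-256 from the VirusTotal link is kept because MD5 collisions are cheap to construct and most current feeds key on SHA-256.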


SNORT EVENTS

Emerging Threats and ETPRO rulesets:

Sourcefire VRT ruleset:

NOTE: These Snort events were taken from Sguil on Security Onion


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
