2014-06-22 - NUCLEAR EK FROM 5.101.140.53 - CROWDFUNDING.MAZATLAN-MAZTERS.COM

ASSOCIATED FILES:


CHAIN OF EVENTS


PRELIMINARY MALWARE ANALYSIS

JAVA EXPLOIT

File name:  2014-06-22-Nuclear-EK-java-exploit.jar
File size:  12.2 KB ( 12493 bytes )
MD5 hash:  0cb56ca4e9d3bd7f9ff8fe9c328cef31
Detection ratio:  1 / 53
First submission:  2014-06-22 01:25:28 UTC
VirusTotal link:  https://www.virustotal.com/en/file/19ff7f906b844d9b20f7e73ecdecf0f4600ae338d510a9a2f69244319e7047e5/analysis/


MALWARE PAYLOAD

File name:  2014-06-22-Nuclear-EK-malware-payload.exe
File size:  103.8 KB ( 106320 bytes )
MD5 hash:  2ad148c1efc1b9d706dc99a45e760690
Detection ratio:  1 / 53
First submission:  2014-06-22 01:25:19 UTC
VirusTotal link:  https://www.virustotal.com/en/file/d64e7412f28ef90e58d4464153b19416c1e6e2568aa3e9dc2c335b89070b4eaf/analysis/
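The size and hash values above are the only way to confirm that a file pulled from the ZIP archives is the sample discussed in this post. The Python script below is an added example and not part of the original post: it carries the size, MD5 and SHA256 for both files (the SHA256 is taken from the path of each VirusTotal link) and checks a local copy against all three. It assumes the samples were extracted under the file names listed above into a directory given on the command line (current directory if none is given).

```python
import hashlib
import os
import re
import sys

# IOCs transcribed from this post. Size and MD5 are the listed values; the
# SHA256 is the 64-hex-digit path segment of each VirusTotal link.
IOCS = {
    "2014-06-22-Nuclear-EK-java-exploit.jar": {
        "size": 12493,
        "md5": "0cb56ca4e9d3bd7f9ff8fe9c328cef31",
        "vt_url": "https://www.virustotal.com/en/file/19ff7f906b844d9b20f7e73ecdecf0f4600ae338d510a9a2f69244319e7047e5/analysis/",
    },
    "2014-06-22-Nuclear-EK-malware-payload.exe": {
        "size": 106320,
        "md5": "2ad148c1efc1b9d706dc99a45e760690",
        "vt_url": "https://www.virustotal.com/en/file/d64e7412f28ef90e58d4464153b19416c1e6e2568aa3e9dc2c335b89070b4eaf/analysis/",
    },
}

_VT_SHA256 = re.compile(r"/file/([0-9a-fA-F]{64})/")


def sha256_from_vt_url(url):
    """Return the lower-case SHA256 embedded in a VirusTotal file URL."""
    m = _VT_SHA256.search(url)
    if not m:
        raise ValueError("no SHA256 found in VirusTotal URL: %r" % url)
    return m.group(1).lower()


def ioc_record(data):
    """Compute the size / MD5 / SHA256 record this post publishes for a sample."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def verify_sample(expected, data):
    """Compare a file's bytes against an IOC record.

    `expected` has 'size', 'md5' and either 'sha256' or 'vt_url'. Returns a
    per-field result plus 'all_ok'. Any mismatch means the bytes are not the
    sample described here (wrong file, truncated download, or re-packed copy).
    """
    actual = ioc_record(data)
    want_sha256 = expected.get("sha256") or sha256_from_vt_url(expected["vt_url"])
    result = {
        "size_ok": actual["size"] == expected["size"],
        "md5_ok": actual["md5"] == expected["md5"].lower(),
        "sha256_ok": actual["sha256"] == want_sha256.lower(),
    }
    result["all_ok"] = all(result.values())
    return result


def verify_directory(path, iocs=IOCS):
    """Check every listed sample present in `path`; absent files map to None."""
    report = {}
    for name, expected in iocs.items():
        full = os.path.join(path, name)
        if not os.path.isfile(full):
            report[name] = None
            continue
        with open(full, "rb") as fh:
            report[name] = verify_sample(expected, fh.read())
    return report


if __name__ == "__main__":
    # Usage: python verify_iocs.py [directory-with-extracted-samples]
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, res in verify_directory(target).items():
        if res is None:
            print("%s: missing" % name)
        elif res["all_ok"]:
            print("%s: OK (size, MD5 and SHA256 match)" % name)
        else:
            print("%s: MISMATCH %s" % (name, res))
```

Checking all three fields matters: a file that matches the MD5 but not the SHA256 should be treated as a different file, since MD5 collisions are practical and the SHA256 is the identifier VirusTotal keys its report on. A size mismatch alone usually points to a truncated or re-archived download.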

SNORT EVENTS

Emerging Threats and ETPRO rulesets:

Sourcefire VRT ruleset:

NOTE: These Snort events were taken from Sguil on Security Onion


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
