2014-06-29 - MAGNITUDE EK FROM 64.187.226.183 - 751.895A24.1C7872.05A3.4D.2DAFCA.A1E.C2.QGZOCPAL.SLIPTRIED.IN

ASSOCIATED FILES:
CHAIN OF EVENTS:

ASSOCIATED DOMAINS:
MAGNITUDE EK:

[!] indicates a malware payload was sent.
POST-INFECTION TRAFFIC:
PRELIMINARY MALWARE ANALYSIS

JAVA EXPLOIT:

File name: 2014-06-29-Magnitude-EK-java-exploit.jar
File size: 13.5 KB (13830 bytes)
MD5 hash: 4ab8409d83b845f39f787ac0ba087811
Detection ratio: 2 / 54
First submission: 2014-06-30 21:53:23 UTC
VirusTotal link: https://www.virustotal.com/en/file/8edf0aab22d5c16d4e1ea5f438a9ecb461bfbfc7a6db364cdba9fd434dec211b/analysis/
MALWARE TAKEN FROM THE VM:

NOTE: The malware payloads in the PCAP are obfuscated with more than a simple XOR, and I couldn't decrypt them. I also couldn't find the last malware payload (4 of 4) on the infected VM, so it's not included here.

SNORT EVENTS

These Snort events were taken from Sguil on Security Onion using the default Emerging Threats rule set. This list does not include the ET INFO or ET POLICY rules.

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.