2014-08-22 - NUCLEAR EK FROM 87.117.255.66 - LIMITED.MARRIAGEAMERICANET.COM

ASSOCIATED FILES:

CHAIN OF EVENTS

ASSOCIATED DOMAINS:

COMPROMISED WEBSITE AND MALICIOUS AD CHAIN:

NUCLEAR EK:

POST-INFECTION TRAFFIC:

PRELIMINARY MALWARE ANALYSIS

FLASH EXPLOIT:

File name: 2014-08-22-Nuclear-EK-flash-exploit.swf
File size: 5.6 KB (5743 bytes)
MD5 hash: da10fc6b287719bef50de61187697e2d
Detection ratio: 2 / 55
First submission: 2014-08-22 00:44:09 UTC
VirusTotal link: https://www.virustotal.com/en/file/027c853542568afdcc0018363665a6ac7d3123e83c709e874fc7a77160e9511d/analysis/

JAVA EXPLOIT:

File name: 2014-08-22-Nuclear-EK-java-exploit.jar
File size: 12.1 KB (12356 bytes)
MD5 hash: 87b0838601967e55a2301d54d455a214
Detection ratio: 4 / 55
First submission: 2014-08-22 00:44:23 UTC
VirusTotal link: https://www.virustotal.com/en/file/5fe5a0e866fedf8d8fba722f9aca42bb6dddfb9a3971011e169c52ea763d483a/analysis/

PDF EXPLOIT:

File name: 2014-08-22-Nuclear-EK-pdf-exploit.pdf
File size: 9.5 KB (9706 bytes)
MD5 hash: fa121ccd1b6a9de986c4b21db674d6fd
Detection ratio: 2 / 54
First submission: 2014-08-22 00:44:43 UTC
VirusTotal link: https://www.virustotal.com/en/file/829757ee803b7cbe39054499368c9cac07462d566237a1ee0f70c609fd30eac8/analysis/

MALWARE PAYLOAD:

File name: 2014-08-22-Nuclear-EK-malware-payload.exe
File size: 100.4 KB (102771 bytes)
MD5 hash: c13cbaa70c7a0709d86d16242179df68
Detection ratio: 1 / 55
First submission: 2014-08-22 00:45:03 UTC
VirusTotal link: https://www.virustotal.com/en/file/b92c749b42ad5ecb846e319a3eed7871e38bdc75722b9cd324e9ecea0f0b279f/analysis/

SNORT EVENTS

Emerging Threats and ETPRO rulesets from Sguil on Security Onion (without ET POLICY or ET INFO events):

Sourcefire VRT ruleset from Snort 2.9.6.0 on Ubuntu 14.04 LTS:

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.