2014-08-24 - FIESTA EK FROM 64.202.116.154 - SBZRSVI.DDNSKING.COM

ASSOCIATED FILES:


NOTES:


CHAIN OF EVENTS

ASSOCIATED DOMAINS:


FIESTA EK:


POST-INFECTION TRAFFIC:


PRELIMINARY MALWARE ANALYSIS

RERDOM EXAMPLE:

File name:  UpdateFlashPlayer_e96b6afc.exe
File size:  156.0 KB ( 159744 bytes )
MD5 hash:  b97c14f436a08dfeb8a5fd3cd330b0a5
Detection ratio:  7 / 55
First submission:  2014-08-24 02:17:16 UTC
VirusTotal link:  https://www.virustotal.com/en/file/9416efc91239accf7bef876a00e547a77b5170d5982969f1e08560eb622f169a/analysis/


SNORT EVENTS FOR THE POST-INFECTION TRAFFIC

Post-infection signature hits from the Emerging Threats and ETPRO rulesets from Sguil on Security Onion (not including ET POLICY or ET INFO events):

Post-infection signature hits from the Sourcefire VRT ruleset from Snort 2.9.6.0 on Ubuntu 14.04 LTS:


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
