2014-08-28 - NUCLEAR EK FROM 80.85.85.71 - NANORAIFA.LOOSECANNON.INFO

ASSOCIATED FILES:

 

CHAIN OF EVENTS

ASSOCIATED DOMAINS:

 

COMPROMISED WEBSITE AND REDIRECT:

 

NUCLEAR EK:

 

PRELIMINARY MALWARE ANALYSIS

FLASH EXPLOIT:

File name:  2014-08-28-Nuclear-EK-flash-exploit.swf
File size:  5.7 KB ( 5847 bytes )
MD5 hash:  a93d6fb584c3b1dc1fb33149de13e164
Detection ratio:  1 / 54
First submission:  2014-08-29 00:32:36 UTC
VirusTotal link:  https://www.virustotal.com/en/file/1ec6476d6ece91f87a846488780ece72b11958593ac1a0d17dd5f882fe90f226/analysis/

 

JAVA EXPLOIT:

File name:  2014-08-28-Nuclear-EK-java-exploit.jar
File size:  12.3 KB ( 12580 bytes )
MD5 hash:  e294048a59d597575096532c741cd4e0
Detection ratio:  6 / 55
First submission:  2014-08-28 19:05:41 UTC
VirusTotal link:  https://www.virustotal.com/en/file/9c97994a67d709e87b1f3158ed54dc6250656705cce4139cce3e169849bef533/analysis/

 

PDF EXPLOIT:

File name:  2014-08-28-Nuclear-EK-pdf-exploit.pdf
File size:  9.4 KB ( 9604 bytes )
MD5 hash:  041b768326fdf5628f99e0195e383126
Detection ratio:  3 / 55
First submission:  2014-08-29 01:39:05 UTC
VirusTotal link:  https://www.virustotal.com/en/file/a04f368adeb41929657f6716f1f87d452cb9bf00b50a9d8ba18a5380d1794beb/analysis/

 

MALWARE PAYLOAD:

File name:  2014-08-28-Nuclear-EK-malware-payload.exe
File size:  120.0 KB ( 122880 bytes )
MD5 hash:  4df1855c166b868ccf56c161c1d4aeff
Detection ratio:  3 / 55
First submission:  2014-08-29 00:31:55 UTC
VirusTotal link:  https://www.virustotal.com/en/file/f58c180c08be9217afa8cb98720e888059842ea661974e356eb46e0c6e21d588/analysis/
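Before working with the extracted samples, it is worth confirming that what came out of the ZIP is what this post catalogued. The script below is an added example, not part of the original post or its archive: it parses the four plain-text entries above exactly as written, recovers the SHA-256 from each VirusTotal URL (VirusTotal addresses a sample by its SHA-256, while the post prints the MD5), hashes whatever files are present in a directory you point it at, and reports size, MD5 and SHA-256 mismatches. It also flags the detection ratios, which are all below 20% for these artifacts. The directory path and the threshold are assumptions for the example.

```python
"""Verify the artifacts listed in this post against the hashes it publishes.

Added example, not code from the original post.  The parser reads the
"File name / File size / MD5 hash / Detection ratio / VirusTotal link"
blocks exactly as they appear in the post; the SHA-256 is taken from the
VirusTotal link, which identifies a sample by SHA-256.
"""
import hashlib
import re
from pathlib import Path

# Transcribed from the four PRELIMINARY MALWARE ANALYSIS entries in this post.
PAGE_ENTRIES = """\
File name:  2014-08-28-Nuclear-EK-flash-exploit.swf
File size:  5.7 KB ( 5847 bytes )
MD5 hash:  a93d6fb584c3b1dc1fb33149de13e164
Detection ratio:  1 / 54
VirusTotal link:  https://www.virustotal.com/en/file/1ec6476d6ece91f87a846488780ece72b11958593ac1a0d17dd5f882fe90f226/analysis/

File name:  2014-08-28-Nuclear-EK-java-exploit.jar
File size:  12.3 KB ( 12580 bytes )
MD5 hash:  e294048a59d597575096532c741cd4e0
Detection ratio:  6 / 55
VirusTotal link:  https://www.virustotal.com/en/file/9c97994a67d709e87b1f3158ed54dc6250656705cce4139cce3e169849bef533/analysis/

File name:  2014-08-28-Nuclear-EK-pdf-exploit.pdf
File size:  9.4 KB ( 9604 bytes )
MD5 hash:  041b768326fdf5628f99e0195e383126
Detection ratio:  3 / 55
VirusTotal link:  https://www.virustotal.com/en/file/a04f368adeb41929657f6716f1f87d452cb9bf00b50a9d8ba18a5380d1794beb/analysis/

File name:  2014-08-28-Nuclear-EK-malware-payload.exe
File size:  120.0 KB ( 122880 bytes )
MD5 hash:  4df1855c166b868ccf56c161c1d4aeff
Detection ratio:  3 / 55
VirusTotal link:  https://www.virustotal.com/en/file/f58c180c08be9217afa8cb98720e888059842ea661974e356eb46e0c6e21d588/analysis/
"""

FIELD_RE = re.compile(
    r"^(File name|File size|MD5 hash|Detection ratio|VirusTotal link):\s*(.+?)\s*$"
)
SIZE_RE = re.compile(r"\(\s*(\d+)\s*bytes\s*\)")
SHA256_RE = re.compile(r"/file/([0-9a-f]{64})/")
RATIO_RE = re.compile(r"(\d+)\s*/\s*(\d+)")


def parse_entries(text):
    """Turn the post's plain-text blocks into a list of dicts, one per file."""
    entries, cur = [], {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            if cur:  # a blank (or unrecognised) line closes the current block
                entries.append(cur)
                cur = {}
            continue
        field, value = m.groups()
        if field == "File name":
            cur["name"] = value
        elif field == "File size":
            cur["size"] = int(SIZE_RE.search(value).group(1))
        elif field == "MD5 hash":
            cur["md5"] = value.lower()
        elif field == "Detection ratio":
            hits, total = RATIO_RE.search(value).groups()
            cur["detections"] = (int(hits), int(total))
        elif field == "VirusTotal link":
            cur["sha256"] = SHA256_RE.search(value).group(1)
    if cur:
        entries.append(cur)
    return entries


def verify_bytes(entry, data):
    """Compare a sample's size, MD5 and SHA-256 with what the post lists."""
    return {
        "name": entry["name"],
        "size_ok": len(data) == entry["size"],
        "md5_ok": hashlib.md5(data).hexdigest() == entry["md5"],
        "sha256_ok": hashlib.sha256(data).hexdigest() == entry["sha256"],
    }


def verify_directory(directory, entries=None):
    """Check every listed artifact found in `directory` (e.g. the extracted ZIP).

    `directory` is an assumption for the example; files not present are
    reported as missing rather than raising.
    """
    entries = entries if entries is not None else parse_entries(PAGE_ENTRIES)
    results = []
    for entry in entries:
        path = Path(directory) / entry["name"]
        if not path.is_file():
            results.append({"name": entry["name"], "missing": True})
            continue
        results.append(verify_bytes(entry, path.read_bytes()))
    return results


def low_detection(entry, threshold=0.2):
    """True when fewer than `threshold` of the VT engines flagged the sample."""
    hits, total = entry["detections"]
    return hits / total < threshold


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for entry, result in zip(parse_entries(PAGE_ENTRIES), verify_directory(target)):
        print(result, "low detection" if low_detection(entry) else "")
```

Run it as `python verify.py /path/to/extracted/zip`. A size or hash mismatch means you are not looking at the sample the post describes (a re-packed copy, a truncated download, or the wrong archive), so stop and sort that out before trusting any analysis result. The low detection ratios are typical for freshly observed exploit kit artifacts and are a reason to rely on the hashes and the traffic, not on AV verdicts, when matching this activity.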

 

SNORT EVENTS

Emerging Threats and ETPRO rulesets from Sguil on Security Onion (without ET POLICY or ET INFO events):

Sourcefire VRT ruleset from Snort 2.9.6.2 on Debian 7.6:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
