2016-03-22 - KAIXIN EK FROM 58.229.121.108

PCAPS AND MALWARE:

NOTES:

TRAFFIC

ASSOCIATED DOMAINS:


Shown above: Pcap of the first run, filtered in Wireshark.


Shown above: Pcap of the second run, with Flash exploits from KaiXin EK.

EXPLOITS AND MALWARE


IMAGES


Shown above: File returned from the compromised site, with injected script pointing to the first gate.


Shown above: Script from the first gate pointing to the second gate.


Shown above: Script from the second gate pointing to KaiXin EK.


Shown above: Some of the alerts from Sguil on Security Onion, running Suricata with the EmergingThreats ruleset.


Shown above: Some of the alerts from Snort using the Talos Subscriber ruleset.

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
