2013-07-14 - DOTKACHEF EXPLOIT KIT FROM 209.240.135[.]142 - WWW.LAPOSTGROUP[.]COM

NOTICE:

ASSOCIATED FILES:


NOTES:


CHAIN OF EVENTS

ASSOCIATED DOMAINS:


COMPROMISED WEBSITE AND REDIRECT:


DOTKACHEF EK:


PRELIMINARY MALWARE ANALYSIS

JAVA EXPLOIT:

File name:  2013-07-14-DotkaChef-EK-java-exploit.jar
File size:  29.4 KB ( 29,376 bytes )
First submission:  2013-07-13 16:41:50 UTC
VirusTotal link:  https://www.virustotal.com/en/file/8e2bfb0f7d7955d086a7ca0ef221caf3a360fa1d396d26fc19557c5410ca5319/analysis/


MALWARE PAYLOAD:

File name:  2013-07-14-DotkaChef-EK-malware-payload.exe
File size:  223.2 KB ( 223,232 bytes )
First submission:  2013-07-15 00:49:49 UTC
VirusTotal link:  https://www.virustotal.com/en/file/75941c19409c3c616bd1159fb192efe108bf188f01471c4df95b2b42ba817ddc/analysis/


SIGNATURE HITS

Screenshot of Emerging Threats signature hits from Sguil on Security Onion (without ET POLICY or ET INFO events):


SCREENSHOTS FROM THE TRAFFIC

Page from the website that was first viewed:


Redirect (gate) pointing to DotkaChef EK landing page:


DotkaChef EK landing page:


DotkaChef EK delivering the java exploit:


DotkaChef EK delivering the malware payload:

