2015-07-02 - FIESTA EK FROM 66.225.219.224 - JACKKWIZC.DDNSKING.COM

PCAP AND MALWARE:

• ZIP of the traffic:  2015-07-02-Fiesta-EK-traffic.pcap.zip
• ZIP file of the malware:  2015-07-02-Fiesta-EK-malware.zip

 

 

CHAIN OF EVENTS

ASSOCIATED DOMAINS:

• 66.225.219.224 port 80 - jackkwizc.ddnsking.com - Fiesta EK

 

FIESTA EK:

• 2015-07-02 16:37:23 UTC - jackkwizc.ddnsking.com - GET /p4zra9wf/counter.php?id=3
• 2015-07-02 16:37:23 UTC - jackkwizc.ddnsking.com - GET /p4zra9wf/?3
• 2015-07-02 16:37:24 UTC - jackkwizc.ddnsking.com - GET /p4zra9wf/dJ2H9rIuFm6RnI1eVRHew-bR96kfkM8Wi-WKVeP2-qiW
• 2015-07-02 16:37:24 UTC - jackkwizc.ddnsking.com - GET /p4zra9wf/fqvX3UJpRUzzw413CrFN0tzYrCt6TXgvegnIUUct0z3yH6.4060129
• 2015-07-02 16:37:24 UTC - jackkwizc.ddnsking.com - GET /p4zra9wf/evFbw9YzC6rV8sUMqFIXYwYcR9WWI2GPGHRW-crCzbiIf.910
• 2015-07-02 16:37:25 UTC - jackkwizc.ddnsking.com - GET /p4zra9wf/babhQrLu6OqLDSG-XjwNF8t4whAGQGDNKfV80zstXb.118800.94
• 2015-07-02 16:37:26 UTC - jackkwizc.ddnsking.com - GET /p4zra9wf/dDcTF93Sk5-XJJ9qFhyYw-3N9WWdvFJWiIw-crGKl_yq
• 2015-07-02 16:37:27 UTC - jackkwizc.ddnsking.com - GET /p4zra9wf/dDcTF93Sk5-XJJ9qFhyYw-3N9WWdvFJWiIw-crGKl_yq.1
• 2015-07-02 16:37:31 UTC - jackkwizc.ddnsking.com - GET /p4zra9wf/ChtpxP1zKW5SY0rFR3xu5A7e6TXAArVQNYIc9sEX_2p
• 2015-07-02 16:37:33 UTC - jackkwizc.ddnsking.com - GET /p4zra9wf/ChtpxP1zKW5SY0rFR3xu5A7e6TXAArVQNYIc9sEX_2p.1
• 2015-07-02 16:37:38 UTC - jackkwizc.ddnsking.com - GET /p4zra9wf/CNje0q2VVGhD0XrcRGSw-r7tBLEAMtWnI_yc8cfKvK3
• 2015-07-02 16:37:40 UTC - jackkwizc.ddnsking.com - GET /p4zra9wf/CNje0q2VVGhD0XrcRGSw-r7tBLEAMtWnI_yc8cfKvK3.1
• 2015-07-02 16:37:40 UTC - jackkwizc.ddnsking.com - GET /p4zra9wf/5JFw9Q0lh3rxF6g3pcN2Cw-b5tB-f27tWi-wyVfyXIUHB
• 2015-07-02 16:37:42 UTC - jackkwizc.ddnsking.com - GET /p4zra9wf/5L1sHwfqpTAPl20ySw-X9zhrY_BzzAGqLnIWAV8eybZaO
• 2015-07-02 16:37:42 UTC - jackkwizc.ddnsking.com - GET /p4zra9wf/BsNuPU6IG61QiqwY2tW5vS_4uwA7SAQYUvceHVXxhC.1
• 2015-07-02 16:37:44 UTC - jackkwizc.ddnsking.com - GET /p4zra9wf/BsNuPU6IG61QiqwY2tW5vS_4uwA7SAQYUvceHVXxhC.1.1

 

FINAL NOTES

Once again, here's the PCAP of the traffic and ZIP file of the malware:

• ZIP of the traffic:  2015-07-02-Fiesta-EK-traffic.pcap.zip
• ZIP file of the malware:  2015-07-02-Fiesta-EK-malware.zip

The ZIP file is password-protected with the standard password.  If you don't know it, email me at admin@malware-traffic-analysis.net and ask.

Click here to return to the main page.