This analysis showcases the use of Power BI to examine file hash data collected by a DShield SIEM over a 60-day period. The process involved exporting the data from Elastic Discover, importing it into Power BI, and building visualizations for analysis. Key findings include the identification of an IP address (87.120.113.231) associated with RedTail malware, which uploaded six different files under multiple hashes. The analysis also revealed the reappearance of a previously identified Linux Trojan (XorDDoS) from new IP addresses within the same subnet. Additionally, two unusual filenames were discovered and investigated, one of which VirusTotal identified as an IRCBot. This approach to analyzing large datasets proves valuable for uncovering data that might otherwise be overlooked or lost, through retrospective examination.

Author: AlienVault

Related Tags: file hashes, siem, power bi, visualization, IRCBot, RedTail, DShield, XorDDoS, T1078

Associated Indicators:
- SHA-1: 7860246BA168278DF0530433CD7BD09677EFC8D1
- MD5: 5B8626055F1A2432258F39BD6AA469C9