Showing posts from October, 2014

TorLocker

You know, all the online analysis I've seen of malware samples is very in-depth and quite good, but it all assumes a level of expertise with application security and reverse engineering that I just don't have. I need something focused on network intrusion analysis, but usually that's just a subset of the RE. So, I've decided to start my own analyses, which I will store here for now. I'll start with an interesting series of events that led my analysts in the SOC (where I am shift supervisor) to write a number of tickets for malware remediation. On 10/16/2014 15:52:35 PDT, our firewall showed some Tor traffic from internal hosts, so I filtered for that and found about a dozen internal hosts that were being flagged for it. The Palo Alto firewall was using its deep packet inspection capability to classify the traffic according to its Applipedia database. The most active host was sending traffic to 81.7.14.246, so I searched for that and found the Malwr sample
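The triage step described above (filter the firewall's traffic log for flows the app-id engine classified as Tor, rank the internal sources, and see where the most active one is talking), as an added Python example that is not code from the original post. The CSV layout, field names and sample lines are constructed for illustration and are not the real PAN-OS log format; only the 81.7.14.246 destination comes from the post.

```python
# Added example: rank internal hosts by Tor-classified traffic volume and
# report the top talker's most frequent destination. The log format here is
# a simplified, constructed CSV (timestamp, src, dst, app, bytes); it is an
# assumption, not the actual PAN-OS traffic-log field order.
import csv
import io
import ipaddress
from collections import Counter, defaultdict

# Constructed sample traffic log lines (not real captured data).
SAMPLE_LOG = """\
2014/10/16 15:52:35,10.1.2.3,81.7.14.246,tor,5200
2014/10/16 15:52:36,10.1.2.3,81.7.14.246,tor,7800
2014/10/16 15:52:40,10.1.2.9,198.51.100.7,tor,1200
2014/10/16 15:52:41,10.1.2.3,203.0.113.5,tor,400
2014/10/16 15:52:42,10.1.5.8,81.7.14.246,tor,900
2014/10/16 15:52:43,10.1.2.3,93.184.216.34,web-browsing,3000
2014/10/16 15:52:44,10.1.2.9,81.7.14.246,tor,2600
"""

# RFC 1918 ranges stand in for "internal" here; adjust to your address plan.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def tor_hits(log_text):
    """Return (bytes per internal source, destination counts per source)
    for flows the firewall labelled with the 'tor' application."""
    bytes_by_src = Counter()
    dst_by_src = defaultdict(Counter)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed lines instead of aborting the hunt
        _ts, src, dst, app, nbytes = row
        if app != "tor" or not is_internal(src):
            continue
        bytes_by_src[src] += int(nbytes)
        dst_by_src[src][dst] += 1
    return bytes_by_src, dst_by_src

def most_active(log_text):
    """(source, total bytes, most frequent destination) or None if no hits."""
    bytes_by_src, dst_by_src = tor_hits(log_text)
    if not bytes_by_src:
        return None
    src, total = bytes_by_src.most_common(1)[0]
    dst, _count = dst_by_src[src].most_common(1)[0]
    return src, total, dst

if __name__ == "__main__":
    print(most_active(SAMPLE_LOG))  # -> ('10.1.2.3', 13400, '81.7.14.246')
```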