File Hashes Analysis with Power BI from Data Stored in DShield SIEM

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :

This analysis showcases the use of Power BI to examine file hash data from a DShield SIEM over a 60-day period. The process involved exporting data from Elastic Discover, importing it into Power BI, and creating visualizations for analysis. Key findings include the identification of an IP address (87.120.113.231) associated with RedTail malware, which uploaded six different files with multiple hashes. The analysis also revealed the reappearance of a previously identified Linux Trojan (Xorddos) from new IP addresses within the same subnet. Additionally, two unusual filenames were discovered and investigated, with one identified as an IRCBot through VirusTotal. This method of large-dataset analysis proves valuable in uncovering data that might otherwise be overlooked or lost, through retrospective examination.

OPENCTI LABELS :

dshield,xorddos,redtail,ircbot,siem,power bi,visualization,file hashes,data analysis

