2016-05-10 - TUESDAY MALSPAM HUNT - CERBER, LOCKY, AND PORTUGUESE MALSPAM

ASSOCIATED FILES:


EMAILS AND ATTACHMENTS


Shown above:  Data from the .csv spreadsheet on 8 emails from today's malspam.



Shown above:  Data from the .csv spreadsheet on 8 attachments from today's malspam.



Shown above:  Locky malspam example 1 of 2.



Shown above:  Locky malspam example 2 of 2.



Shown above:  Cerber malspam example.



Shown above:  Portuguese malspam example.


TRAFFIC


Shown above:  Traffic from executing one of the extracted .hta files, filtered in Wireshark.


ASSOCIATED DOMAINS:

HTTP REQUESTS FOR LOCKY FROM ONE OF THE .HTA FILES:

HTTP REQUESTS FOR LOCKY FROM THE .JS FILES:

POST-INFECTION CALLBACK FROM THE LOCKY INFECTIONS:

HTTP REQUEST FOR CERBER FROM THE .DOT FILE:

HTTP REQUESTS FROM THE PORTUGUESE MALSPAM:


ZIP ARCHIVE CONTENTS


FINAL NOTES

Once again, here is the associated file:

The ZIP file is password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
