2016-05-27 - RIG EK SENDS TOFSEE

ASSOCIATED FILES:

  • 2016-05-26-Rig-EK-sends-Tofsee.pcap   (231,993 bytes)
  • 2016-05-27-Rig-EK-first-run.pcap   (47,826 bytes)
  • 2016-05-27-Rig-EK-second-run.pcap   (251,008 bytes)
  • 2016-05-26-Rig-EK-flash-exploit.swf   (182,13 bytes)
  • 2016-05-26-Rig-EK-landing-page.txt   (4,990 bytes)
  • 2016-05-26-Rig-EK-payload-Tofsee.exe   (188,416 bytes)
  • 2016-05-27-Rig-EK-flash-exploit.swf   (37,906 bytes)
  • 2016-05-27-Rig-EK-landing-page-first-run.txt   (4,982 bytes)
  • 2016-05-27-Rig-EK-landing-page-second-run.txt   (4,982 bytes)
  • 2016-05-27-Rig-EK-payload-Tofsee.exe   (184,320 bytes)

 

TRAFFIC


Shown above:  Pcap of the 2016-05-26 traffic filtered in Wireshark.


Shown above:  Pcap of the 2016-05-27 traffic (first run) filtered in Wireshark.


Shown above:  Pcap of the 2016-05-27 traffic (second run) filtered in Wireshark.

ASSOCIATED DOMAINS:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
