2016-06-01 - RIG EK FROM 46.30.46.6 SENDS TOFSEE

ASSOCIATED FILES:

  • 2016-06-01-Rig-EK-sends-Tofsee.pcap   (1,449,812 bytes)
  • 2016-06-01-Rig-EK-flash-exploit.swf   (37,819 bytes)
  • 2016-06-01-Rig-EK-landing-page.txt   (4,982 bytes)
  • 2016-06-01-Rig-EK-payload-Tofsee.exe   (241,664 bytes)
  • 2016-06-01-lluuitgg.exe   (42,704,896 bytes)   [Found on the infected host at: C:\Users\username\lluuitgg.exe]
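Before working with the artifacts, it is worth checking that what was extracted from the ZIP matches the list above byte for byte. The following is an added example (not code from this site or its author): it parses the ASSOCIATED FILES list as printed here and compares each listed size against the files on disk. It assumes the archives have been extracted into a local directory that is passed as the only argument; the manifest text is a constructed copy of the list above.

```python
"""Verify extracted Rig EK / Tofsee artifacts against the sizes listed in the post."""
import re
import sys
from pathlib import Path

# Constructed copy of the ASSOCIATED FILES list as printed in the post
# (names, byte counts, and the "found on the infected host" note).
ASSOCIATED_FILES = r"""
  • 2016-06-01-Rig-EK-sends-Tofsee.pcap   (1,449,812 bytes)
  • 2016-06-01-Rig-EK-flash-exploit.swf   (37,819 bytes)
  • 2016-06-01-Rig-EK-landing-page.txt   (4,982 bytes)
  • 2016-06-01-Rig-EK-payload-Tofsee.exe   (241,664 bytes)
  • 2016-06-01-lluuitgg.exe   (42,704,896 bytes)   [Found on the infected host at: C:\Users\username\lluuitgg.exe]
"""

# One bulleted entry: name, comma-grouped size, optional bracketed note.
LINE_RE = re.compile(
    r"^\s*•\s*(?P<name>\S+)\s+\((?P<size>[\d,]+) bytes\)"
    r"(?:\s+\[(?P<note>[^\]]*)\])?"
)


def parse_manifest(text):
    """Return {filename: (expected_size_in_bytes, note_or_None)} from the list."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries[m["name"]] = (int(m["size"].replace(",", "")), m["note"])
    return entries


def compare_sizes(manifest, actual_sizes):
    """Pure comparison step: actual_sizes is {filename: size} for files present.

    Returns {filename: "ok" | "missing" | "size mismatch (<actual> bytes)"}.
    """
    results = {}
    for name, (expected, _note) in manifest.items():
        if name not in actual_sizes:
            results[name] = "missing"
        elif actual_sizes[name] != expected:
            results[name] = f"size mismatch ({actual_sizes[name]} bytes)"
        else:
            results[name] = "ok"
    return results


def verify_dir(directory, manifest):
    """Stat every listed file under `directory` and compare with the manifest."""
    base = Path(directory)
    actual = {
        name: (base / name).stat().st_size
        for name in manifest
        if (base / name).is_file()
    }
    return compare_sizes(manifest, actual)


if __name__ == "__main__":
    # Usage (assumed layout): python verify_artifacts.py /path/to/extracted/files
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for fname, status in verify_dir(target, parse_manifest(ASSOCIATED_FILES)).items():
        print(f"{status:40} {fname}")
```

A size mismatch on the payload or the pcap usually means a truncated download or an incomplete extraction rather than anything interesting about the sample, so run this check first and only then start on the traffic.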

 

NOTES:

 

TRAFFIC

 


Shown above (screenshot not reproduced here):  Pcap of the traffic filtered in Wireshark.

 

GATE AND RIG EK:

TOFSEE POST-INFECTION TRAFFIC:

OTHER TCP CONNECTIONS OR ATTEMPTED CONNECTIONS FROM THE INFECTED HOST:

 

FINAL NOTES


ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
