2016-06-02 - EK DATA DUMP (ANGLER EK, KAIXIN EK, RIG EK)

ASSOCIATED FILES:

  • 2016-06-02-KaiXin-EK-from-98.126.83.188-port-82.pcap   (169,581 bytes)
  • 2016-06-02-KaiXin-EK-from-cbat.or.kr.pcap   (113,097 bytes)
  • 2016-06-02-Rig-EK-after-doc-italia.com.pcap   (325,318 bytes)
  • 2016-06-02-Rig-EK-after-pavtube.com.pcap   (482,411 bytes)
  • 2016-06-02-other-Angler-EK-after-woogerworks.com.pcap   (1,093,571 bytes)
  • 2016-06-02-pseudoDarkleech-Angler-EK-after-mfgsci.com.pcap   (1,175,862 bytes)
  • 2016-06-02-98.126.83.188-port-82-ZnUaLm.html.txt   (16,122 bytes)
  • 2016-06-02-98.126.83.188-port-82-index.html.txt   (15,663 bytes)
  • 2016-06-02-98.126.83.188-port-82-jquery.js.txt   (15,728 bytes)
  • 2016-06-02-98.126.83.188-port-82-logo.swf   (30,337 bytes)
  • 2016-06-02-98.126.83.188-port-82-swfobject.js.txt   (12,624 bytes)
  • 2016-06-02-98.126.83.189-port-82-smss.exe   (56,064 bytes)
  • 2016-06-02-Angler-EK-flash-exploit.swf   (40,784 bytes)
  • 2016-06-02-Rig-EK-flash-exploit.swf   (378,17 bytes)
  • 2016-06-02-Rig-EK-landing-page-after-doc-italia.com.txt   (4,910 bytes)
  • 2016-06-02-Rig-EK-landing-page-after-pavtube.com.txt   (4,906 bytes)
  • 2016-06-02-Rig-EK-payload-after-doc-italia.com.exe   (249,856 bytes)
  • 2016-06-02-Rig-EK-payload-after-pavtube.com.exe   (339,968 bytes)
  • 2016-06-02-a.topgunn.photography-pnhviewforumrembo.php.txt   (944 bytes)
  • 2016-06-02-cbat.or.kr-MzVuOo.html.txt   (16,104 bytes)
  • 2016-06-02-cbat.or.kr-SmSnRq.html.txt   (10,183 bytes)
  • 2016-06-02-cbat.or.kr-index.html.txt   (9,507 bytes)
  • 2016-06-02-cbat.or.kr-jquery.js.txt   (15,728 bytes)
  • 2016-06-02-cbat.or.kr-logo.swf   (30,349 bytes)
  • 2016-06-02-cbat.or.kr-swfobject.js.txt   (12,624 bytes)
  • 2016-06-02-other-Angler-EK-payload-CryptXXX-after-woogerworks.com.dll   (155,648 bytes)
  • 2016-06-02-other-Angler-EK-payload-CryptXXX-decrypt-instructions.bmp   (3,686,454 bytes)
  • 2016-06-02-other-Angler-EK-payload-CryptXXX-decrypt-instructions.html   (14,190 bytes)
  • 2016-06-02-other-Angler-EK-payload-CryptXXX-decrypt-instructions.txt   (1,755 bytes)
  • 2016-06-02-page-from-mfgsci.com-with-injected-pseudoDarkleech-script.txt   (50,490 bytes)
  • 2016-06-02-pseduoDarkleech-Angler-EK-CryptXXX-decrypt-instructions.bmp   (3,686,454 bytes)
  • 2016-06-02-pseduoDarkleech-Angler-EK-CryptXXX-decrypt-instructions.html   (14,190 bytes)
  • 2016-06-02-pseduoDarkleech-Angler-EK-CryptXXX-decrypt-instructions.txt   (1,755 bytes)
  • 2016-06-02-pseudoDarkleech-Angler-EK-landing-page-after-mfgsci.com.txt   (7,1657 bytes)
  • 2016-06-02-pseudoDarkleech-Angler-EK-payload-CryptXXX-after-mfgsci.com.dll   (286,720 bytes)

 

TRAFFIC

ASSOCIATED DOMAINS:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

Click here to return to the main page.