2016-06-20 - EK DATA DUMP (NEUTRINO EK, RIG EK, SUNDOWN EK)

ASSOCIATED FILES:

  • 2016-06-20-Afraidgate-Neutrino-EK_sends-CryptXXX.pcap   (580,968 bytes)
  • 2016-06-20-EITest-Neutrino-EK-sends-CryptXXX.pcap   (619,361 bytes)
  • 2016-06-20-Rig-EK-after-chipdating.link.pcap   (87,185 bytes)
  • 2016-06-20-Rig-EK-after-monavocatparis.fr.pcap   (245,813 bytes)
  • 2016-06-20-Sundown-EK-traffic.pcap   (383,350 bytes)
  • 2016-06-20-pseudoDarkleech-Neutrino-EK-sends-CryptXXX-after-contaratosbeach.gr.pcap   (627,304 bytes)
  • 2016-06-20-pseudoDarkleech-Neutrino-EK-sends-CryptXXX-after-salentoeasy.it.pcap   (624,267 bytes)
  • 2016-06-20-pseudoDarkleech-using-hopto.org-Neutrino-EK-sends-CryptXXX.pcap   (1,198,039 bytes)
  • 2016-06-20-Afraidgate-Neutrino-EK-flash-exploit.swf   (81,565 bytes)
  • 2016-06-20-Afraidgate-Neutrino-EK-landing-page.txt   (927 bytes)
  • 2016-06-20-Afraidgate-Neutrino-EK-payload-CryptXXX.dll   (452,608 bytes)
  • 2016-06-20-EITest-Neutrino-EK-flash-exploit.swf   (81,565 bytes)
  • 2016-06-20-EITest-Neutrino-EK-landing-page.txt   (817 bytes)
  • 2016-06-20-EITest-Neutrino-EK-payload-CryptXXX.dll   (476,160 bytes)
  • 2016-06-20-EITest-flash-file-from-mionne.tk.swf   (15,832 bytes)
  • 2016-06-20-Rig-EK-flash-exploit.swf   (21,798 bytes)
  • 2016-06-20-Rig-EK-landing-page-after-chipdating.link.txt   (5,264 bytes)
  • 2016-06-20-Rig-EK-landing-page-after-monavocatparis.fr.txt   (5,304 bytes)
  • 2016-06-20-Rig-EK-payload-after-chipdating.link.exe   (43,008 bytes)
  • 2016-06-20-Rig-EK-payload-after-monavocatparis.fr.exe   (196,608 bytes)
  • 2016-06-20-Sundown-EK-flash-exploit.swf   (38,603 bytes)
  • 2016-06-20-Sundown-EK-landing-page-1-of-2-second-run-with-IE8.txt   (31,176 bytes)
  • 2016-06-20-Sundown-EK-landing-page-2-of-2-second-run-with-IE8.txt   (45,836 bytes)
  • 2016-06-20-Sundown-EK-landing-page-first-run-with-IE11.txt   (66,220 bytes)
  • 2016-06-20-Sundown-EK-payload.exe   (172,032 bytes)
  • 2016-06-20-Sundown-EK-silverlight-exploit.zip   (20,412 bytes)
  • 2016-06-20-decrypt-instructions-for-all-CryptXXX-samples.bmp   (3,686,454 bytes)
  • 2016-06-20-decrypt-instructions-for-all-CryptXXX-samples.html   (36,201 bytes)
  • 2016-06-20-decrypt-instructions-for-all-CryptXXX-samples.txt   (1,755 bytes)
  • 2016-06-20-page-from-contaratosbeach.gr-with-injected-pseudoDarkleech-script.txt   (145,733 bytes)
  • 2016-06-20-page-from-salentoeasy.it-with-injected-pseudoDarkleech-script.txt   (16,546 bytes)
  • 2016-06-20-pseudoDarkleech-Neutrino-EK-flash-exploit-after-contaratosbeach.gr.swf   (82,983 bytes)
  • 2016-06-20-pseudoDarkleech-Neutrino-EK-flash-exploit-after-salentoeasy.it.swf   (82,941 bytes)
  • 2016-06-20-pseudoDarkleech-Neutrino-EK-landing-page-after-contaratosbeach.gr.txt   (801 bytes)
  • 2016-06-20-pseudoDarkleech-Neutrino-EK-landing-page-after-salentoeasy.it.txt   (819 bytes)
  • 2016-06-20-pseudoDarkleech-Neutrino-EK-payload-CryptXXX.dll   (443,904 bytes)
  • 2016-06-20-pseudoDarkleech-script-from-hopto.org-domain.txt   (15,501 bytes)
  • 2016-06-20-pseudoDarkleech-using-hopto.org-CryptXXX-decrypt-instructions.bmp   (4,147,254 bytes)
  • 2016-06-20-pseudoDarkleech-using-hopto.org-CryptXXX-decrypt-instructions.html   (36,201 bytes)
  • 2016-06-20-pseudoDarkleech-using-hopto.org-CryptXXX-decrypt-instructions.txt   (1,755 bytes)
  • 2016-06-20-pseudoDarkleech-using-hopto.org-Neutrino-EK-flash-exploit.swf   (82,983 bytes)
  • 2016-06-20-pseudoDarkleech-using-hopto.org-Neutrino-EK-landing-page.txt   (801 bytes)
  • 2016-06-20-pseudoDarkleech-using-hopto.org-Neutrino-EK-payload-CryptXXX.dll   (303,104 bytes)

 

NOTES:

 

TRAFFIC

ASSOCIATED DOMAINS:

 


Shown above:  Sundown EK.  Two tries.  No infection the first time using an IE11 setup.  Got it later using IE8.

 


Shown above:  pseudoDarkleech Neutrino EK sends CryptXXX, example 1.

 


Shown above:  pseudoDarkleech Neutrino EK sends CryptXXX, example 2.

 


Shown above:  Rig EK infection chain after viewing monavocatparis.fr.

 


Shown above:  EITest Neutrino EK sends CryptXXX.

 


Shown above:  Afraidgate Neutrino EK sends CryptXXX.

 


Shown above:  Rig EK infection chain after viewing chipdating.link URL.

 


Shown above:  pseudoDarkleech Neutrino EK with hopto.org gate sends CryptXXX.

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
