2016-06-21 - DATA DUMP - NEUTRINO EK SENDS CRYPTXXX

ASSOCIATED FILES:

  • 2016-06-21-Afraidgate-Neutrino-EK-sends-CryptXXX.pcap   (1,166,861 bytes)
  • 2016-06-21-EITest-Neutrino-EK-sends-CryptXXX.pcap   (1,184,332 bytes)
  • 2016-06-21-pseudoDarkleech-Neutrino-EK-sends-CryptXXX-after-fsm-europe.eu.pcap   (447,648 bytes)
  • 2016-06-21-pseudoDarkleech-Neutrino-EK-sends-CryptXXX-after-xenon.com.au.pcap   (446,789 bytes)
  • 2016-06-21-Afraidgate-CryptXXX-decrypt-instructions.bmp   (8,294,454 bytes)
  • 2016-06-21-Afraidgate-CryptXXX-decrypt-instructions.html   (36,201 bytes)
  • 2016-06-21-Afraidgate-CryptXXX-decrypt-instructions.txt   (1,755 bytes)
  • 2016-06-21-Afraidgate-Neutrino-EK-flash-exploit.swf   (82,631 bytes)
  • 2016-06-21-Afraidgate-Neutrino-EK-landing-page.txt   (817 bytes)
  • 2016-06-21-Afraidgate-Neutrino-EK-payload-CryptXXX.dll   (303,104 bytes)
  • 2016-06-21-Afraidgate-galop.serviciosgeologicos.com.ar-script-widget.js.txt   (231 bytes)
  • 2016-06-21-EITest-CryptXXX-decrypt-instructions.bmp   (3,686,454 bytes)
  • 2016-06-21-EITest-CryptXXX-decrypt-instructions.html   (36,201 bytes)
  • 2016-06-21-EITest-CryptXXX-decrypt-instructions.txt   (1,755 bytes)
  • 2016-06-21-EITest-Neutrino-EK-flash-exploit.swf   (82,632 bytes)
  • 2016-06-21-EITest-Neutrino-EK-landing-page.txt   (817 bytes)
  • 2016-06-21-EITest-Neutrino-EK-payload-CryptXXX.dll   (303,104 bytes)
  • 2016-06-21-EITest-flash-redirect-from-dertyt.ml.swf   (15,832 bytes)
  • 2016-06-21-page-from-fsm-europe.eu-with-injected-pseudoDarkleech-script.txt   (82,298 bytes)
  • 2016-06-21-page-from-jkanime.net-with-injected-Afraidgate-script.txt   (122,934 bytes)
  • 2016-06-21-page-from-ladepresion.org-with-injected-EITest-script.txt   (41,907 bytes)
  • 2016-06-21-page-from-xenon.com.au-with-injected-pseudoDarkleech-script.txt   (56,463 bytes)
  • 2016-06-21-pseudoDarkleech-CryptXXX-decrypt-instructions.bmp   (8,294,454 bytes)
  • 2016-06-21-pseudoDarkleech-CryptXXX-decrypt-instructions.html   (36,201 bytes)
  • 2016-06-21-pseudoDarkleech-CryptXXX-decrypt-instructions.txt   (1,755 bytes)
  • 2016-06-21-pseudoDarkleech-Neutrino-EK-flash-exploit-after-fsm-europe.eu.swf   (82,626 bytes)
  • 2016-06-21-pseudoDarkleech-Neutrino-EK-flash-exploit-after-xenon.com.au.swf   (82,629 bytes)
  • 2016-06-21-pseudoDarkleech-Neutrino-EK-landing-page-after-fsm-europe.eu.txt   (803 bytes)
  • 2016-06-21-pseudoDarkleech-Neutrino-EK-landing-page-after-xenon.com.au.txt   (893 bytes)
  • 2016-06-21-pseudoDarkleech-Neutrino-EK-payload-CryptXXX.dll   (303,104 bytes)

 

NOTES:


Shown above:  An example of rundll32.exe and the CryptXXX .dll file in Process Explorer.

 


Shown above:  Flow charts for these Neutrino EK --> CryptXXX infections.

 

TRAFFIC

ASSOCIATED DOMAINS:

 


Shown above:  pseudoDarkleech --> Neutrino EK --> CryptXXX infection after viewing xenon.com.au.

 


Shown above:  pseudoDarkleech --> Neutrino EK --> CryptXXX infection after viewing fsm-europe.eu.

 


Shown above:  Afraidgate --> Neutrino EK --> CryptXXX infection after jkanime.net.

 


Shown above:  EITest --> Neutrino EK --> CryptXXX infection after ladepresion.org.

 

IMAGES


Shown above:  An example of an infected Windows desktop, rebooted after one of today's Neutrino EK --> CryptXXX infections.

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
