2016-06-30 - NEUTRINO EK DATA DUMP

NOTES:

ASSOCIATED FILES:

  • 2016-06-30-Afraidgate-Neutrino-EK-sends-Locky-after-marketingguerilla.es.pcap   (389,569 bytes)
  • 2016-06-30-EITest-Neutrino-EK-sends-CryptXXX-after-4county.org.pcap   (1,181,650 bytes)
  • 2016-06-30-EITest-Neutrino-EK-sends-CryptXXX-after-cliniqueh.dk.pcap   (1,350,829 bytes)
  • 2016-06-30-EITest-Neutrino-EK-sends-CryptXXX-after-pekabex.pl.pcap   (1,269,719 bytes)
  • 2016-06-30-pseudoDarkleech-Neutrino-EK-sends-CryptXXX-after-alphamedical02.fr.pcap   (1,291,478 bytes)
  • 2016-06-30-pseudoDarkleech-Neutrino-EK-sends-CryptXXX-after-chromechurch.com.pcap   (1,173,364 bytes)
  • 2016-06-30-psuedoDarkleech-Neutrino-EK-sends-CryptXXX-after-austinbioidenticaldoctor.com.pcap   (940,549 bytes)
  • 2016-06-30-realstatistics-gate-Neutrino-EK-sends-Gootkit-after-lostreschiles.com.pcap   (383,704 bytes)
  • 2016-06-30-realstatistics-gate-Neutrino-EK-sends-Gootkit-after-tne.mx.pcap   (311,536 bytes)
  • ZIP archive of the malware/artifacts:  2016-06-30-Neutrino-EK-data-dump-malware-and-artifacts.zip   3.0 MB (2,980,754 bytes)
    • 2016-06-30-Afraidgate-Neutrino-EK-flash-exploit-after-marketingguerilla.es.swf   (87,898 bytes)
    • 2016-06-30-Afraidgate-Neutrino-EK-landing-page-after-marketingguerilla.es.txt   (1,169 bytes)
    • 2016-06-30-Afraidgate-Neutrino-EK-payload-Locky-after-marketingguerilla.es.exe   (240,130 bytes)
    • 2016-06-30-Afraidgate-redirect-from-live.keeprunning.com.br-js-node.js.txt   (276 bytes)
    • 2016-06-30-EITest-CryptXXX-decrypt-instructions.bmp   (3,686,454 bytes)
    • 2016-06-30-EITest-CryptXXX-decrypt-instructions.html   (36,201 bytes)
    • 2016-06-30-EITest-CryptXXX-decrypt-instructions.txt   (1,755 bytes)
    • 2016-06-30-EITest-Neutrino-EK-flash-exploit-after-4county.org.swf   (88,348 bytes)
    • 2016-06-30-EITest-Neutrino-EK-flash-exploit-after-cliniqueh.dk.swf   (88,348 bytes)
    • 2016-06-30-EITest-Neutrino-EK-flash-exploit-after-pekabex.pl.swf   (88,194 bytes)
    • 2016-06-30-EITest-Neutrino-EK-landing-page-after-4county.org.txt   (1,175 bytes)
    • 2016-06-30-EITest-Neutrino-EK-landing-page-after-cliniqueh.dk.txt   (1,191 bytes)
    • 2016-06-30-EITest-Neutrino-EK-landing-page-after-pekabex.pl.txt   (1,171 bytes)
    • 2016-06-30-EITest-Neutrino-EK-payload-CryptXXX-after-4county.org.dll   (504,832 bytes)
    • 2016-06-30-EITest-Neutrino-EK-payload-CryptXXX-after-cliniqueh.dk.dll   (464,384 bytes)
    • 2016-06-30-EITest-Neutrino-EK-payload-CryptXXX-after-pekabex.pl.dll   (469,504 bytes)
    • 2016-06-30-EITest-flash-redirect-from-fryex.tk.swf   (3,371 bytes)
    • 2016-06-30-EITest-flash-redirect-from-lokffd.tk.swf   (3,371 bytes)
    • 2016-06-30-EITest-flash-redirect-from-uucilo.ml.swf   (3,371 bytes)
    • 2016-06-30-page-from-4county.org-with-injected-EITest-script.txt   (66,057 bytes)
    • 2016-06-30-page-from-alphamedical02.fr-with-injected-script-pointing-to-Neutrino-EK.txt   (22,495 bytes)
    • 2016-06-30-page-from-chromechurch.com-with-injected-script-pointing-to-Neutrino-EK.txt   (7,762 bytes)
    • 2016-06-30-page-from-cliniqueh.dk-with-injected-EITest-script.txt   (20,522 bytes)
    • 2016-06-30-page-from-lostreschiles.com-with-injected-script-pointing-to-realstatistics-gate.txt   (8,737 bytes)
    • 2016-06-30-page-from-marketingguerilla.es-with-injected-script-pointing-to-Afraidgate-domain.txt   (19,742 bytes)
    • 2016-06-30-page-from-pekabex.pl-with-injected-EITest-script.txt   (44,707 bytes)
    • 2016-06-30-page-from-tne.mx-with-injected-script-pointing-to-realstatistics-gate.txt   (7,378 bytes)
    • 2016-06-30-pseudoDarkleech-CryptXXX-decrypt-instructions.bmp   (3,686,454 bytes)
    • 2016-06-30-pseudoDarkleech-CryptXXX-decrypt-instructions.html   (36,201 bytes)
    • 2016-06-30-pseudoDarkleech-CryptXXX-decrypt-instructions.txt   (1,755 bytes)
    • 2016-06-30-psuedoDarkleech-Neutrino-EK-flash-exploit-after-alphamedical02.fr.swf   (88,194 bytes)
    • 2016-06-30-psuedoDarkleech-Neutrino-EK-flash-exploit-after-austinbioidenticaldoctor.com.swf   (88,194 bytes)
    • 2016-06-30-psuedoDarkleech-Neutrino-EK-landing-page-after-alphamedical02.fr.txt   (1,181 bytes)
    • 2016-06-30-psuedoDarkleech-Neutrino-EK-landing-page-after-austinbioidenticaldoctor.com.txt   (1,153 bytes)
    • 2016-06-30-psuedoDarkleech-Neutrino-EK-landing-page-after-chromechurch.com.txt   (1,241 bytes)
    • 2016-06-30-psuedoDarkleech-Neutrino-EK-payload-CryptXXX-after-alphamedical02.fr.dll   (486,912 bytes)
    • 2016-06-30-psuedoDarkleech-Neutrino-EK-payload-CryptXXX-after-austinbioidenticaldoctor.com.dll   (507,392 bytes)
    • 2016-06-30-psuedoDarkleech-Neutrino-EK-payload-CryptXXX-after-chromechurch.com.dll   (466,432 bytes)
    • 2016-06-30-realstatistics-gate-Neutrino-EK-flash-exploit-after-lostreschiles.com.swf   (89,109 bytes)
    • 2016-06-30-realstatistics-gate-Neutrino-EK-flash-exploit-after-tne.mx.swf   (83,743 bytes)
    • 2016-06-30-realstatistics-gate-Neutrino-EK-landing-page-after-lostreschiles.com.txt   (1,141 bytes)
    • 2016-06-30-realstatistics-gate-Neutrino-EK-landing-page-after-tne.mx.txt   (1,012 bytes)
    • 2016-06-30-realstatistics-gate-Neutrino-EK-payload-Gootkit-after-lostreschiles.com.exe   (249,856 bytes)
    • 2016-06-30-realstatistics-gate-Neutrino-EK-payload-Gootkit-after-tne.mx.exe   (192,512 bytes)

     

    TRAFFIC

    ASSOCIATED DOMAINS:

    FILE HASHES

    FLASH EXPLOITS/EITEST FLASH REDIRECTS:

    MALWARE PAYLOADS:

    IMAGES

    FINAL NOTES

    Once again, here are the associated files:

    The ZIP file is password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
