2016-07-07 - PIZZACRYPTS... REALLY?

ASSOCIATED FILES:

  • 2016-07-07-Neutrino-EK-sends-pizzacrypts.pcap   (273,028 bytes)
  • 2016-07-07-Neutrino-EK-flash-exploit.swf   (79,659 bytes)
  • 2016-07-07-Neutrino-EK-landing-page.txt   (3,199 bytes)
  • 2016-07-07-Neutrino-EK-payload-pizzacrypts.exe   (172,034 bytes)
  • Pizzacrypts Info.txt   (772 bytes)

 

NOTES:


Shown above:  My initial tipper for today's traffic.

 


Shown above:  EmergingThreats rule hit on the post-infection traffic.

 

TRAFFIC


Shown above:  Traffic from today's infection filtered in Wireshark.

ASSOCIATED DOMAINS:

ADDRESSES FROM THE DECRYPT INSTRUCTIONS:


Shown above:  Whois data on pizzacrypts.info, registered 5 days ago.

 

FILE HASHES

FLASH EXPLOIT:

MALWARE PAYLOAD:

 

OTHER IMAGES


Shown above:  Desktop of the infected Windows host.

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
