2016-07-11 - EK DATA DUMP (MAGNITUDE EK, NEUTRINO EK)

ASSOCIATED FILES:

  • 2016-07-11-Afraidgate-Neutrino-EK-sends-CryptXXX.pcap   (1,104,777 bytes)
  • 2016-07-11-Magnitude-EK-sends-Cerber.pcap   (991,030 bytes)
  • 2016-07-11-Neutrino-EK-sends-Gootkit.pcap   (426,467 bytes)
  • 2016-07-11-Afraidgate-CryptXXX-decrypt-instructions.BMP   (3,686,454 bytes)
  • 2016-07-11-Afraidgate-CryptXXX-decrypt-instructions.HTML   (18,215 bytes)
  • 2016-07-11-Afraidgate-Neutrino-EK-flash-exploit.swf   (82,369 bytes)
  • 2016-07-11-Afraidgate-Neutrino-EK-landing-page.txt   (2,076 bytes)
  • 2016-07-11-Afraidgate-Neutrino-EK-payload-CryptXXX.dll   (483,328 bytes)
  • 2016-07-11-Cerber-decryption-instructions.html   (12,414 bytes)
  • 2016-07-11-Cerber-decryption-instructions.txt   (10,522 bytes)
  • 2016-07-11-Cerber-decryption-instructions.vbs   (234 bytes)
  • 2016-07-11-Magnitude-EK-flash-exploit.swf   (58,686 bytes)
  • 2016-07-11-Magnitude-EK-flash-redirect.swf   (720 bytes)
  • 2016-07-11-Magnitude-EK-landing-page.txt   (706 bytes)
  • 2016-07-11-Magnitude-EK-more-html.txt   (22,901 bytes)
  • 2016-07-11-Magnitude-EK-payload-Cerber.exe   (293,656 bytes)
  • 2016-07-11-other-Neutrino-EK-flash-exploit.swf   (84,243 bytes)
  • 2016-07-11-other-Neutrino-EK-landing-page.txt   (2,100 bytes)
  • 2016-07-11-other-Neutrino-EK-payload-Gootkit.exe   (198,144 bytes)

NOTES:

 

TRAFFIC


Shown above:  Traffic from the first pcap filtered in Wireshark (Magnitude EK sends Cerber ransomware).


Shown above:  Traffic from the second pcap filtered in Wireshark (other Neutrino EK sends Gootkit).


Shown above:  Traffic from the third pcap filtered in Wireshark (Afraidgate Neutrino EK sends CryptXXX ransomware).

 

ASSOCIATED DOMAINS:

DOMAINS FROM THE DECRYPT INSTRUCTIONS:

 

FILE HASHES

FLASH REDIRECTS/EXPLOITS:

PAYLOADS:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
