2016-10-20 - EITEST RIG EK DATA DUMP

ASSOCIATED FILES:

  • 2016-10-20-EITest-Rig-EK-1st-run.pcap   (3,532,390 bytes)
  • 2016-10-20-EITest-Rig-EK-2nd-run.pcap   (215,287 bytes)
  • 2016-10-20-EITest-Rig-EK-3rd-run.pcap   (1,727,403 bytes)
  • 2016-10-20-EITest-Rig-EK-4th-run.pcap   (1,655,781 bytes)
  • 2016-10-20-EITest-Rig-EK-5th-run.pcap   (3,860,545 bytes)
  • 2016-10-20-EITest-Rig-EK-6th-run.pcap   (339,632 bytes)
  • 2016-10-20-EITest-Rig-EK-7th-run.pcap   (379,469 bytes)
  • 2016-10-20-EITest-Rig-EK-8th-run.pcap   (758,051 bytes)
  • 2016-10-20-EITest-Rig-EK-flash-exploit-1st-run.swf   (77,131 bytes)
  • 2016-10-20-EITest-Rig-EK-flash-exploit-2nd-run.swf   (77,131 bytes)
  • 2016-10-20-EITest-Rig-EK-flash-exploit-3rd-run.swf   (77,131 bytes)
  • 2016-10-20-EITest-Rig-EK-flash-exploit-4th-run.swf   (77,131 bytes)
  • 2016-10-20-EITest-Rig-EK-flash-exploit-5th-run.swf   (77,131 bytes)
  • 2016-10-20-EITest-Rig-EK-flash-exploit-6th-run.swf   (77,131 bytes)
  • 2016-10-20-EITest-Rig-EK-flash-exploit-7th-run.swf   (77,131 bytes)
  • 2016-10-20-EITest-Rig-EK-flash-exploit-8th-run.swf   (77,131 bytes)
  • 2016-10-20-EITest-Rig-EK-landing-page-1st-run.txt   (3,444 bytes)
  • 2016-10-20-EITest-Rig-EK-landing-page-2nd-run.txt   (3,518 bytes)
  • 2016-10-20-EITest-Rig-EK-landing-page-3rd-run.txt   (3,453 bytes)
  • 2016-10-20-EITest-Rig-EK-landing-page-4th-run.txt   (3,465 bytes)
  • 2016-10-20-EITest-Rig-EK-landing-page-5th-run.txt   (3,467 bytes)
  • 2016-10-20-EITest-Rig-EK-landing-page-6th-run.txt   (3,455 bytes)
  • 2016-10-20-EITest-Rig-EK-landing-page-7th-run.txt   (3,440 bytes)
  • 2016-10-20-EITest-Rig-EK-landing-page-8th-run.txt   (3,457 bytes)
  • 2016-10-20-EITest-Rig-EK-payload-1st-run.exe   (174,418 bytes)
  • 2016-10-20-EITest-Rig-EK-payload-2nd-run.exe   (79,872 bytes)
  • 2016-10-20-EITest-Rig-EK-payload-3rd-run.exe   (192,512 bytes)
  • 2016-10-20-EITest-Rig-EK-payload-4th-run.exe   (192,512 bytes)
  • 2016-10-20-EITest-Rig-EK-payload-5th-run.exe   (216,064 bytes)
  • 2016-10-20-EITest-Rig-EK-payload-6th-run.exe   (216,064 bytes)
  • 2016-10-20-EITest-Rig-EK-payload-7th-run.exe   (260,096 bytes)
  • 2016-10-20-EITest-Rig-EK-payload-8th-run.exe   (163,840 bytes)
  • 2016-10-20-page-from-shapeoko.com-with-injected-script-1st-run.txt   (47,221 bytes)
  • 2016-10-20-page-from-shapeoko.com-with-injected-script-2nd-run.txt   (47,218 bytes)
  • 2016-10-20-page-from-shapeoko.com-with-injected-script-3rd-run.txt   (47,429 bytes)
  • 2016-10-20-page-from-shapeoko.com-with-injected-script-4th-run.txt   (46,360 bytes)
  • 2016-10-20-page-from-shapeoko.com-with-injected-script-5th-run.txt   (47,265 bytes)
  • 2016-10-20-page-from-shapeoko.com-with-injected-script-6th-run.txt   (47,296 bytes)
  • 2016-10-20-page-from-shapeoko.com-with-injected-script-7th-run.txt   (47,390 bytes)
  • 2016-10-20-page-from-shapeoko.com-with-injected-script-8th-run.txt   (47,057 bytes)

 

NOTES:

 

BACKGROUND ON THE EITEST CAMPAIGN:

 


Shown above:  Flowchart for this infection traffic.

 

TRAFFIC


Shown above:  Example of injected script from the EITest campaign in a page from the compromised site.


Shown above:  Traffic from the 1st infection filtered in Wireshark.


Shown above:  Traffic from the 2nd infection filtered in Wireshark.


Shown above:  Traffic from the 3rd infection filtered in Wireshark.


Shown above:  Traffic from the 4th infection filtered in Wireshark.


Shown above:  Traffic from the 5th infection filtered in Wireshark.


Shown above:  Traffic from the 6th infection filtered in Wireshark.


Shown above:  Traffic from the 7th infection filtered in Wireshark.


Shown above:  Traffic from the 8th infection filtered in Wireshark.

 

ASSOCIATED DOMAINS:

 

FILE HASHES

FLASH EXPLOITS:

PAYLOADS:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
