2016-10-25 - RIG EK DATA DUMP: REGULAR RIG VS RIG-V

ASSOCIATED FILES:

  • 2016-10-25-Afraidgate-RIGv-sends-Locky.pcap   (312,726 bytes)
  • 2016-10-25-EITest-Rig-EK-first-run.pcap   (1,932,487 bytes)
  • 2016-10-25-EITest-Rig-EK-second-run.pcap   (239,554 bytes)
  • 2016-10-25-pseudoDarkleech-RIGv-sends-cerber-first-run.pcap   (666,602 bytes)
  • 2016-10-25-pseudoDarkleech-RIGv-sends-cerber-second-run.pcap   (571,063 bytes)
  • 2016-10-25-pseudoDarkleech-RIGv-sends-cerber-third-run.pcap   (567,264 bytes)
  • 2016-10-25-Afraidgate-RIGv-flash-exploit.swf   (51,806 bytes)
  • 2016-10-25-Afraidgate-RIGv-landing-page.txt   (5,095 bytes)
  • 2016-10-25-Afraidgate-RIGv-payload-Locky.exe   (230,912 bytes)
  • 2016-10-25-Cerber-decryption-instructions-first-run-README.hta   (63,083 bytes)
  • 2016-10-25-Cerber-decryption-instructions-first-run.bmp   (1,920,054 bytes)
  • 2016-10-25-Cerber-decryption-instructions-second-run-README.hta   (63,083 bytes)
  • 2016-10-25-Cerber-decryption-instructions-second-run.bmp   (1,920,054 bytes)
  • 2016-10-25-Cerber-decryption-instructions-third-run-README.hta   (63,083 bytes)
  • 2016-10-25-Cerber-decryption-instructions-third-run.bmp   (1,920,054 bytes)
  • 2016-10-25-EITest-Rig-EK-flash-exploit-first-run.swf   (52,571 bytes)
  • 2016-10-25-EITest-Rig-EK-flash-exploit-second-run.swf   (52,571 bytes)
  • 2016-10-25-EITest-Rig-EK-landing-page-first-run.txt   (3,287 bytes)
  • 2016-10-25-EITest-Rig-EK-landing-page-second-run.txt   (3,275 bytes)
  • 2016-10-25-EITest-Rig-EK-payload-first-run.exe   (605,696 bytes)
  • 2016-10-25-EITest-Rig-EK-payload-second-run.exe   (171,008 bytes)
  • 2016-10-25-Locky-decryption-instructions_WHAT_is.bmp   (3,864,030 bytes)
  • 2016-10-25-Locky-decryption-instructions_WHAT_is.html   (9,383 bytes)
  • 2016-10-25-page-from-ardenne.org-with-injected-script.txt   (20,170 bytes)
  • 2016-10-25-page-from-discbinedoctor.com-with-injected-script-third-run.txt   (19,826 bytes)
  • 2016-10-25-page-from-joellipman.com-with-injected-script-first-run.txt   (68,046 bytes)
  • 2016-10-25-page-from-standardtime.com-with-injected-script-second-run.txt   (9,191 bytes)
  • 2016-10-25-page-from-wiki.vmug.com-with-injected-EITest-script-first-run.txt   (22,656 bytes)
  • 2016-10-25-page-from-xorbin.com-with-injected-EITest-script-second-run.txt   (21,810 bytes)
  • 2016-10-25-pseudoDarkleech-RIGv-flash-exploit-first-run.swf   (51,806 bytes)
  • 2016-10-25-pseudoDarkleech-RIGv-flash-exploit-second-run.swf   (51,806 bytes)
  • 2016-10-25-pseudoDarkleech-RIGv-flash-exploit-third-run.swf   (51,806 bytes)
  • 2016-10-25-pseudoDarkleech-RIGv-landing-page-first-run.txt   (5,079 bytes)
  • 2016-10-25-pseudoDarkleech-RIGv-landing-page-second-run.txt   (5,088 bytes)
  • 2016-10-25-pseudoDarkleech-RIGv-landing-page-third-run.txt   (5,113 bytes)
  • 2016-10-25-pseudoDarkleech-RIGv-payload-Cerber-first-run.exe   (313,605 bytes)
  • 2016-10-25-pseudoDarkleech-RIGv-payload-Cerber-second-run.exe   (313,685 bytes)
  • 2016-10-25-pseudoDarkleech-RIGv-payload-Cerber-third-run.exe   (327,870 bytes)
  • 2016-10-25-script-returned-from-jietrdpnd.ddnsking.com-second-run.txt   (379 bytes)
  • 2016-10-25-script-returned-from-qsmaleump.hopto.org-third-run.txt   (393 bytes)
  • 2016-10-25-stowne.our1home.co.uk-xenforo.js.txt   (418 bytes)

 

NOTES:

 

TRAFFIC

 

ASSOCIATED DOMAINS:

DOMAINS FROM THE DECRYPT INSTRUCTIONS:

 

FILE HASHES

FLASH EXPLOITS:

PAYLOAD:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
