2017-01-27 - ONGOING MALSPAM CAMPAIGN SPREADING RANSOMWARE

ASSOCIATED FILES:

 

NOTES:

 

EMAILS


Shown above:  Information from the spreadsheet tracker (part 1 of 2).

 


Shown above:  Information from the spreadsheet tracker (part 2 of 2).

 

EMAILS GATHERED:

(Read: Date/Time -- Sending address (spoofed) -- Attachment)

 

ATTACHED ZIP ARCHIVES AND EXTRACTED FILES

SHA256 HASHES FOR THE EMAIL ATTACHMENTS:

 

SHA256 HASHES FOR THE EXTRACTED .JS FILES AND WORD DOCUMENTS:

 

TRAFFIC

HTTP REQUESTS FOR THE CERBER RANSOMWARE:

NOTE:  These domains are all hosted on Amazon Web Services (AWS).  Many of the URLs to download the ransomware are still active as I write this.

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

Click here to return to the main page.