2017-04-21 - LOCKY RANSOMWARE INFECTION
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2017-04-21-Locky-ransomware-infection-traffic.pcap.zip 237.9 kB (237,939 bytes)
- 2017-04-21-Locky-ransomware-malspam-tracker.csv.zip 1.2 kB (1,184 bytes)
- 2017-04-21-Locky-ransomware-emails-and-malware.zip 2.4 MB (2,445,413 bytes)
MORE INFO:
- 2017-04-21 - My Online Security: The return of Locky ransomware with fake receipts malspam
- 2017-04-21 - BleepingComputer: The Locky Ransomware is Back and Still Adding OSIRIS to Encrypted Files
ASSOCIATED MALWARE SAMPLES
SHA256 HASHES FOR PDF ATTACHMENTS:
- 1705d38d2ea80177963d67fd18e836326d70a239378d6b9c74d445c5e0b423d6
- 2881600b108ece9a1df3e7659370e3ee79cf233e9723a9acd7985452c5915eb3
- 3ccef773a5527c7128987bb8d359726f0b3d4d84dd6526c1b3aa76fd98b68539
- 59388d5534bd3b7973186c1a82b7db6e33111b57b133f44d8776423aa58f627c
- 9008ee571b139496190f4e54d155300a1c875a8fb9096cfa27809e4e71955176
- 92c3e427edd0b7c986259347e6f5c9a51d534ce789f04cbc086981a7fac7617b
- f1326f8c348b6a4eb0fe0c3fcdc27e8375fd0ea7ecca54d392de790f31a9d037
- ff92433ae4ee90b3c6dd3cd5655302be345addd2a57bf143ee982e692ca7ca33
SHA256 HASHES FOR EMBEDDED WORD DOCUMENTS:
- 2a8590ec5e8cea900e4f21845ab844df3e74e81bf9a093913b6beec41983e522
- 47f599d4bfd72599cdef4d81ecfc37b9d72fa58481a92ad471e873272cc8a915
- 73dc25a92422d64981dc478cf421cab1490022fff9e8cb5859abe85b9a9d3a55
- 97d991869130c62a2dd36e88e4e2b6080dba69ca4ccd56b149b20d8b2895189e
- 9ee4e4015be4bb51843acff67f5dcda39e2ee5debe76e321cb3bb50f59d19392
- c99ef1c016b265b02b978d5395a63f0559c43b42a576fda12c20913bdcfa9da6
- e25b2a1e70f65f07fc9e61204e11fd024382221ff052a963baede8e32cfb613b
- e76789a6c0c6867d1c519edede59ad1be0ab44606df8f8f6400e289fbf47a964
SHA256 HASH FOR LOCKY RANSOMWARE EXE:
- 4ebc124c7e19c2a87f911e9972f365f6fd0ef1532981a828b085e0a6bac2e310
INFECTION TRAFFIC
URLS FOR LOCKY RANSOMWARE EXE DOWNLOAD FROM THE WORD MACROS:
- abcenglishclub[.]com - GET /9yg65
- aielloengineering[.]com - GET /9yg65
- aim-controls[.]com - GET /9yg65
- bhmech[.]com - GET /9yg65
- cindysplace[.]net - GET /9yg65
- clayhero[.]com - GET /9yg65
- dont[.]pl - GET /9yg65
- ercelectronics[.]com - GET /9yg65
- maheriscriverius[.]nl - GET /9yg65
- rootcellar[.]us - GET /9yg65
- ros-jurist[.]ru - GET /9yg65
- sgph.comcastbiz[.]net - GET /9yg65
- sherwoodbusiness[.]com - GET /9yg65
- uwdesign[.]com[.]br - GET /9yg65
LOCKY RANSOMWARE POST-INFECTION TRAFFIC:
- 80.85.158[.]212 - GET /checkupdate