2017-06-20 - RIG EK FROM HOOKADS CAMPAIGN SENDS DREAMBOT & CHTHONIC

ASSOCIATED FILES:

  • 2017-06-20-1st-run-HookAds-Rig-EK-sends-Dreambot-and-Chthonic.pcap   (1,888,062 bytes)
  • 2017-06-20-2nd-run-HookAds-Rig-EK-sends-Dreambot.pcap   (3,694,234 bytes)
  • 2017-06-20-1st-and-2nd-runs-HookAds-Rig-EK-payload-Dreambot.exe   (218,624 bytes)
  • 2017-06-20-1st-and-2nd-runs-Rig-EK-artifact-o32.tmp.txt   (1,141 bytes)
  • 2017-06-20-1st-and-2nd-runs-Rig-EK-flash-exploit.swf   (16,299 bytes)
  • 2017-06-20-1st-run-HookAds-Rig-EK-payload-Chthonic.exe   (351,232 bytes)
  • 2017-06-20-1st-run-Rig-EK-landing-page.txt   (121,380 bytes)
  • 2017-06-20-2nd-run-Rig-EK-landing-page.txt   (121,419 bytes)


BACKGROUND ON THE HOOKADS CAMPAIGN:

OTHER NOTES:


TRAFFIC


Shown above:  Traffic from the 1st run filtered in Wireshark.



Shown above:  Traffic from the 2nd run filtered in Wireshark.
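As an added example (not code from the original page or from the capture's author), the script below walks a libpcap file with only the Python standard library and pulls out what the Wireshark views above would show for an exploit-kit chain: each HTTP request line with its Host header, plus any response whose body begins like a Flash file (FWS/CWS/ZWS) or a Windows PE (MZ), the two artifact types listed at the top of this page. The embedded capture, its IP addresses, hostnames and URIs are constructed placeholders, not traffic from the pcaps listed here.

```python
"""Minimal libpcap walker for exploit-kit triage (added example, not from
the original page).  Standard library only; the embedded capture and all
names in it are constructed placeholders."""
import struct

LINKTYPE_ETHERNET = 1


def _pcap_records(data):
    """Yield (timestamp, frame_bytes) per record; handles both byte orders."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic libpcap file (pcapng/nanosecond not handled)")
    _, _, _, _, _, linktype = struct.unpack(end + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def _tcp_payload(frame):
    """Return (src_ip, dst_ip, sport, dport, payload) or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType 0x0800 = IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6:                                     # IP protocol 6 = TCP
        return None
    ip = frame[14:14 + ihl]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp_off = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    doff = (frame[tcp_off + 12] >> 4) * 4
    return src, dst, sport, dport, frame[tcp_off + doff:]


def http_requests(pcap_bytes):
    """One dict per HTTP request line found at the start of a TCP segment."""
    out = []
    for ts, frame in _pcap_records(pcap_bytes):
        t = _tcp_payload(frame)
        if not t:
            continue
        src, dst, _sport, dport, payload = t
        lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
        parts = lines[0].split(b" ")
        if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
            continue                                       # responses and non-HTTP
        host = ""
        for line in lines[1:]:
            if line.lower().startswith(b"host:"):
                host = line[5:].strip().decode("ascii", "replace")
        out.append({"ts": ts, "src": src, "dst": dst, "dport": dport,
                    "method": parts[0].decode("ascii", "replace"),
                    "host": host, "uri": parts[1].decode("ascii", "replace")})
    return out


def suspicious_responses(pcap_bytes):
    """Responses whose body starts like a Flash file or a PE executable."""
    hits = []
    for ts, frame in _pcap_records(pcap_bytes):
        t = _tcp_payload(frame)
        if not t or not t[4].startswith(b"HTTP/"):
            continue
        src, dst, _sport, _dport, payload = t
        _head, _sep, body = payload.partition(b"\r\n\r\n")
        kind = None
        if body[:3] in (b"FWS", b"CWS", b"ZWS"):
            kind = "swf"
        elif body[:2] == b"MZ":
            kind = "pe"
        if kind:
            hits.append({"ts": ts, "server": src, "client": dst, "kind": kind})
    return hits


# --- constructed sample capture (placeholder addresses and names) -----------
def _frame(src_ip, dst_ip, sport, dport, payload):
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes(int(x) for x in src_ip.split(".")),
                     bytes(int(x) for x in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


def _pcap(frames):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    recs = b"".join(struct.pack("<IIII", 1497916800 + i, 0, len(f), len(f)) + f
                    for i, f in enumerate(frames))
    return hdr + recs


SAMPLE_PCAP = _pcap([
    _frame("10.0.0.5", "203.0.113.10", 49152, 80,
           b"GET /?q=abc HTTP/1.1\r\nHost: ad-redirector.example\r\n\r\n"),
    _frame("10.0.0.5", "203.0.113.20", 49153, 80,
           b"GET /?x=1 HTTP/1.1\r\nHost: landing.example\r\n\r\n"),
    _frame("203.0.113.20", "10.0.0.5", 80, 49153,
           b"HTTP/1.1 200 OK\r\nContent-Type: application/x-shockwave-flash\r\n\r\nCWS\x0b..."),
    _frame("203.0.113.20", "10.0.0.5", 80, 49154,
           b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\nMZ\x90\x00..."),
])

if __name__ == "__main__":
    for r in http_requests(SAMPLE_PCAP):
        print(f"{r['src']} -> {r['dst']}:{r['dport']} {r['method']} {r['host']}{r['uri']}")
    for h in suspicious_responses(SAMPLE_PCAP):
        print(f"{h['server']} served {h['kind']} to {h['client']}")
```

The script only looks at the first segment of each direction, which is where the request line and the response headers sit; in a real capture the SWF and EXE bodies are spread over many segments, so use Wireshark's Follow TCP Stream or File > Export Objects > HTTP (or tshark) to carve the full objects for hashing.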


ASSOCIATED DOMAINS:


FILE HASHES

FLASH EXPLOITS:

MALWARE RETRIEVED FROM THE INFECTED HOSTS:


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
