2017-08-02 - MAGNITUDE EK SENDS CERBER RANSOMWARE

ASSOCIATED FILES:

  • 2017-08-02-Magnitude-EK-sends-Cerber-ransomware.pcap   (942,407 bytes)
  • 2017-08-02-Cerber-decryption-instructions.bmp   (1,920,054 bytes)
  • 2017-08-02-Cerber-decryption-instructions_R_E_A_D___T_H_I_S___0AK861OQ_.txt   (1,383 bytes)
  • 2017-08-02-Cerber-decryption-instructions_R_E_A_D___T_H_I_S___DSJR_.hta   (77,982 bytes)
  • 2017-08-02-Magnitude-EK-payload-Cerber.exe   (249,856 bytes)
  • 2017-08-02-Mangitude-EK-flash-exploit.swf   (37,564 bytes)
  • 2017-08-02-Mangitude-EK-landing-page.txt   (7,315 bytes)
  • 2017-08-02-Mangitude-EK-returned-XML-script.txt   (1,343 bytes)
  • 2017-08-02-response-from-b16eauf5z38u9l.ourspen.com.txt   (2,570 bytes)
  • 2017-08-02-response-from-gate-domain-leading-to-Magnitude-EK.txt   (1,204 bytes)

NOTES:

 

TRAFFIC


Shown above:  Traffic from the infection filtered in Wireshark.

 

ASSOCIATED DOMAINS AND URLS:

 

FILE HASHES

FLASH EXPLOIT:

MAGNITUDE EK PAYLOAD (CERBER RANSOMWARE):

 

IMAGES


Shown above:  Desktop of the infected Windows host.

 


Shown above:  Cerber decryption instructions.

 

FINAL NOTES

Once again, here are the associated files:

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
