2017-12-19 - QUICK POST: EITEST HOEFLERTEXT POPUPS OR FAKE ANTI-VIRUS PAGES
- Zip archive of the pcaps: 2017-12-19-EITest-campaign-pcaps.zip 3.5 MB (3,512,641 bytes)
- Zip archive of the malware and associated artifacts: 2017-12-19-EITest-campaign-malware-and-artifacts.zip 459 kB (459,498 bytes)
- This is a quick post with pcaps and malware/artifact samples only.
- Zip files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
- "EITest" is a long-running campaign that formerly used exploit kits to distribute malware.
- Earlier this year, EITest turned to different methods like HoeflerText popups or fake anti-virus pages pushing tech support scams.
- In September 2017, Palo Alto Networks published a Unit 42 blog I wrote about HoeflerText popups that EITest uses to distribute malware. Click here for details.
- Today's diary is almost a repeat of traffic seen last week on 2017-12-12.
Shown above: Current flow chart for activity by the EITest campaign.
Shown above: When using Google Chrome.
Shown above: When using Internet Explorer.