2019-01-10 - HOOKADS CAMPAIGN RIG EK PUSHES VIDAR

ASSOCIATED FILES:

  • 2019-01-10-HookAds-Rig-EK-sends-Vidar.pcap   (3,400,129 bytes)
  • Zip archive of the malware & artifacts:  2019-01-10-Rig-EK-and-Vidar-malware-and-artifacts.zip   504 kB (503,991 bytes)
    • 2019-01-10-Rig-EK-artifact-a.e.txt   (1,149 bytes)
    • 2019-01-10-Rig-EK-flash-exploit.swf   (32,312 bytes)
    • 2019-01-10-Rig-EK-landing-page.txt   (136,334 bytes)
    • 2019-01-10-Rig-EK-payload-Vidar.exe   (620,544 bytes)

    NOTES:


    WEB TRAFFIC BLOCK LIST

    Indicators are not a block list.  If you feel the need to block web traffic, I suggest the following domains:


    TRAFFIC


    Shown above:  Infection traffic filtered in Wireshark.


    TRAFFIC TO DECOY DATING SITE USED BY HOOKADS AND REDIRECT LEADING TO RIG EK:

    RIG EK:

    VIDAR TRAFFIC:


    FILE HASHES

    RIG EK FLASH EXPLOIT:

    PAYLOAD FROM RIG EK:
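    The byte counts listed at the top of the post and the hashes in this section are how a reader confirms the right files came out of the archive before handling them. As an added example, not part of the original post or of malware-traffic-analysis.net's own tooling, the Python below parses the "ASSOCIATED FILES" list exactly as it is written above, checks a zip archive's members against the listed sizes, and computes SHA256 for every member in memory without writing anything to disk. The archive it checks is a constructed stand-in filled with dummy bytes (not the real malware); the password argument assumes the archive uses legacy ZipCrypto, which is the only scheme Python's zipfile can open.

```python
"""Check a malware-artifact zip against the file list posted with it."""
import hashlib
import io
import re
import zipfile

# Constructed copy of the "ASSOCIATED FILES" list from the post
# (names and byte counts as listed there).  Hashes below are computed
# from whatever is actually in the archive, not taken from the page.
ARTIFACT_LIST = """
2019-01-10-Rig-EK-artifact-a.e.txt   (1,149 bytes)
2019-01-10-Rig-EK-flash-exploit.swf   (32,312 bytes)
2019-01-10-Rig-EK-landing-page.txt   (136,334 bytes)
2019-01-10-Rig-EK-payload-Vidar.exe   (620,544 bytes)
"""

# One manifest line: "<name>   (<digits, with thousands separators> bytes)"
LINE_RE = re.compile(r"^\s*(?P<name>\S+)\s+\((?P<size>[\d,]+) bytes\)\s*$")


def parse_artifact_list(text):
    """Return {filename: expected_size_in_bytes} from the posted list."""
    expected = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparsable manifest line: {line!r}")
        expected[m.group("name")] = int(m.group("size").replace(",", ""))
    return expected


def verify_archive(zip_bytes, expected, password=None):
    """Compare archive members to the manifest.

    Returns {member_name: {"status", "size", "sha256"}} where status is
    "ok", "size-mismatch", "missing" (listed but absent from the zip) or
    "unlisted" (in the zip but not in the list).  Member data is read
    into memory only; nothing is extracted to disk.
    Assumption: a password-protected archive uses ZipCrypto (zipfile
    cannot open AES-encrypted zips).
    """
    report = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        if password is not None:
            zf.setpassword(password)
        members = {i.filename: i for i in zf.infolist() if not i.is_dir()}
        for name, info in members.items():
            data = zf.read(info)
            digest = hashlib.sha256(data).hexdigest()
            if name not in expected:
                status = "unlisted"
            elif len(data) != expected[name]:
                status = "size-mismatch"
            else:
                status = "ok"
            report[name] = {"status": status, "size": len(data), "sha256": digest}
        for name, size in expected.items():
            if name not in members:
                report[name] = {"status": "missing", "size": size, "sha256": None}
    return report


def build_demo_zip():
    """Constructed stand-in for the real archive: dummy bytes, no malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Size matches the posted list.
        zf.writestr("2019-01-10-Rig-EK-artifact-a.e.txt", b"A" * 1149)
        # Deliberately the wrong size (103 bytes) to trigger a mismatch.
        zf.writestr("2019-01-10-Rig-EK-flash-exploit.swf", b"FWS" + b"\0" * 100)
        # Present in the zip but never listed in the post.
        zf.writestr("README-not-listed.txt", b"not in the post's list")
    return buf.getvalue()


if __name__ == "__main__":
    expected = parse_artifact_list(ARTIFACT_LIST)
    for name, r in sorted(verify_archive(build_demo_zip(), expected).items()):
        print(f"{r['status']:<14} {r['size']:>8}  {name}  {r['sha256']}")
```

    Against the real archive, replace build_demo_zip() with the bytes of the downloaded zip and pass the site's standard password as password=b"..."; any "size-mismatch" or "missing" entry means the download or the list is off and is worth a second look before the sample is run anywhere.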


    FINAL NOTES


    Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
