2019-05-22 - RIG EK FROM UNKNOWN CAMPAIGN SENDS GANDCRAB RANSOMWARE

ASSOCIATED FILES:

  • 2019-05-22-Rig-EK-sends-Gandcrab-ransomware.pcap   (786,909 bytes)
  • 2019-05-22-Gandcrab-ransomware-decryption-instructions.txt   (2,914 bytes)
  • 2019-05-22-Rig-EK-artifact-T.t.txt   (1,149 bytes)
  • 2019-05-22-Rig-EK-flash-exploit.swf   (9,367 bytes)
  • 2019-05-22-Rig-EK-landing-page.txt   (114,013 bytes)
  • 2019-05-22-Rig-EK-payload-Gandcrab-ransomware.exe   (671,744 bytes)

NOTES:

WEB TRAFFIC BLOCK LIST

Indicators are not a block list. If you feel the need to block web traffic, I suggest the following domain:

TRAFFIC

Shown above: Traffic from the infection filtered in Wireshark.

GATE DOMAIN THAT LED TO RIG EK:

RIG EK:

TRAFFIC CAUSED BY GANDCRAB RANSOMWARE (POSSIBLE CONNECTIVITY CHECK, NOT INHERENTLY MALICIOUS):

FILE HASHES

RIG EK FLASH EXPLOIT:

RIG EK PAYLOAD (GANDCRAB VERSION 5.2 RANSOMWARE):

FINAL NOTES

Once again, here are the associated files:

Zip archives are password-protected with the standard password. If you don't know it, look at the "about" page of this website.