2016-05-03 - FILES FOR AN ISC DIARY

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

NOTES:

• The associated ISC diary is here.

• I didn't include any of the UDP post-infection traffic in the second pcap.

 

ASSOCIATED FILES:

• 2016-05-03-Neutrino-EK-sends-Cerber-ransomware-2-pcaps.zip   1.9 MB (1,893,356 bytes)

• 2016-05-03-Neutrino-EK-sends-Cerber-ransomware-first-run.pcap   (5,147,821 bytes)
• 2016-05-03-Neutrino-EK-sends-Cerber-ransomware-second-run.pcap   (361,410 bytes)

• 2016-05-03-Neutrino-EK-and-Cerber-ransomware-files.zip   424.1 kB (424,135 bytes)

• # DECRYPT MY FILES #.html   (12,579 bytes)
• # DECRYPT MY FILES #.txt   (11,247 bytes)
• # DECRYPT MY FILES #.vbs   (204 bytes)
• 2016-05-03-Neutrino-EK-flash-exploit-first-run.swf   (73,956 bytes)
• 2016-05-03-Neutrino-EK-flash-exploit-second-run.swf   (70,604 bytes)
• 2016-05-03-Neutrino-EK-landing-page.txt   (1,286 bytes)
• 2016-05-03-Neutrino-EK-payload-Cerber-ransomware-first-run.exe   (551,936 bytes)
• 2016-05-03-Neutrino-EK-payload-Cerber-ransomware-second-run.exe   (252,928 bytes)

 

Click here to return to the main page.