2016-08-17 - PCAPS AND MALWARE FOR AN ISC DIARY

ASSOCIATED FILES:

• ZIP archive of the pcaps:  2016-08-17-pcaps-for-ISC-diary.zip   1.2 MB (1,177,948 bytes)

• 2016-08-17-EITest-Rig-EK-sends-possible-Vawtrak-after-agreen.com.tr.pcap   (1,090,981 bytes)
• 2016-08-17-pseudoDarkleech-Neutrino-EK-sends-CrypMIC-after-agreen.com.tr.pcap   (454,695 bytes)

• ZIP archive of the malware:  2016-08-17-malware-and-artifacts-for-ISC-diary.zip   560.6 kB (560,574 bytes)

• 2016-08-17-EITest-flash-redirect-from-kydiris.xyz.swf   (4,977 bytes)
• 2016-08-17-EITest-Rig-EK-flash-exploit.swf   (48,400 bytes)
• 2016-08-17-EITest-Rig-EK-landing-page.txt   (5,062 bytes)
• 2016-08-17-EITest-Rig-EK-payload-possible-Vawtrak.exe   (180,224 bytes)
• 2016-08-17-page-from-agreen.com.tr-with-injected-script-first-run-pseudoDarkleech-and-EITest.txt   (29,894 bytes)
• 2016-08-17-page-from-agreen.com.tr-with-injected-script-second-run-EITest-only.txt   (29,883 bytes)
• 2016-08-17-pseudoDarkleech-CrypMIC-decrypt-instructions.HTML   (238,182 bytes)
• 2016-08-17-pseudoDarkleech-CrypMIC-decrypt-instructions.JPG   (227,805 bytes)
• 2016-08-17-pseudoDarkleech-CrypMIC-decrypt-instructions.TXT   (1,654 bytes)
• 2016-08-17-pseudoDarkleech-Neutrino-EK-flash-exploit.swf   (78,071 bytes)
• 2016-08-17-pseudoDarkleech-Neutrino-EK-landing-page.txt   (2,332 bytes)
• 2016-08-17-pseudoDarkleech-Neutrino-EK-payload-CrypMIC.dll   (73,728 bytes)

 

NOTES:

• The associated ISC diary is for Thursday 2016-08-18:  1 compromised site - 2 campaigns
• ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

Click here to return to the main page.