2016-11-18 - PCAP AND MALWARE FOR AN ISC DIARY

NOTES:

• The associated ISC diary is for Friday 2016-11-18:  2016-11-18 example of KaiXin EK activity
• ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

ASSOCIATED FILES:

• ZIP archive of the pcap:  2016-11-18-ISC-diary-traffic.zip   2.29 MB (2,291,336 bytes)

• 2016-11-18-1st-run-KaiXin-EK.pcap   (71,011 bytes)
• 2016-11-18-2nd-run-KaiXin-EK.pcap   (121,456 bytes)
• 2016-11-18-3rd-run-KaiXin-EK.pcap   (200,514 bytes)
• 2016-11-18-analysis-of-KaiXin-EK-payload.pcap   (2,534,415 bytes)
• 2016-11-18-analysis-of-follow-up-malware.pcap   (951 bytes)

• ZIP archive of the malware:  2016-11-18-ISC-diary-malware-and-artifacts.zip   2.06 MB (2,061,641 bytes)

• 2016-11-18-KaiXin-EK-GlMcAs.txt   (16,688 bytes)
• 2016-11-18-KaiXin-EK-NxIvDu.txt   (10,183 bytes)
• 2016-11-18-KaiXin-EK-TdTzMy.jar   (2,989 bytes)
• 2016-11-18-KaiXin-EK-artifact-ABCDE.vbs.txt   (452 bytes)
• 2016-11-18-KaiXin-EK-b02q1.exe   (8,192 bytes)
• 2016-11-18-KaiXin-EK-bin.swf   (11,412 bytes)
• 2016-11-18-KaiXin-EK-caihong.txt   (9,125 bytes)
• 2016-11-18-KaiXin-EK-gate-second-index.txt   (17,975 bytes)
• 2016-11-18-KaiXin-EK-jquery.js.txt   (15,728 bytes)
• 2016-11-18-KaiXin-EK-landing-page-2nd-index.txt   (4,932 bytes)
• 2016-11-18-KaiXin-EK-license.swf   (45,288 bytes)
• 2016-11-18-KaiXin-EK-logo.swf   (30,349 bytes)
• 2016-11-18-KaiXin-EK-swfobject.js.txt   (12,624 bytes)
• 2016-11-18-follow-up-malware-cj1.exe   (2,095,616 bytes)

 

Click here to return to the main page.