2016-12-16 - FILES FOR AN ISC DIARY (CERER RANSOMWARE)

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

NOTES:

• The associated ISC diary is :  One, if by email, and two, if by EK: The Cerbers are coming!

 

ASSOCIATED FILES:

• 2016-12-16-ISC-diary-pcaps.zip   751.1 kB (751,100 bytes)

• 2016-12-15-EITest-Rig-V-sends-Cerber-ransomware.pcap   (593,828 bytes)
• 2016-12-15-pseudoDarkleech-Rig-V-sends-Cerber-ransomware.pcap   (388,679 bytes)

• 2016-12-16-ISC-diary-malware-and-artifacts.zip   996.2 kB (996,152 bytes)

• 2016-12-15-Cerber-ransomware-decryption-instructions_README_1C5Z3Y_.hta   (66,409 bytes)
• 2016-12-15-Cerber-ransomware-decryption-instructions_README_1C5Z3Y_.jpg   (184,026 bytes)
• 2016-12-15-Cerber-ransomware-decryption-instructions_README_QF6BOBL_.hta   (66,409 bytes)
• 2016-12-15-Cerber-ransomware-decryption-instructions_README_QF6BOBL_.jpg   (189,600 bytes)
• 2016-12-15-EITest-Rig-V-artifact-OTTYUADAF.txt   (1,137 bytes)
• 2016-12-15-EITest-Rig-V-flash-exploit.swf   (14,094 bytes)
• 2016-12-15-EITest-Rig-V-landing-page.txt   (30,525 bytes)
• 2016-12-15-EITest-Rig-V-payload-Cerber-ransomware-rad8DE79.tmp.exe   (245,715 bytes)
• 2016-12-15-page-from-dataproec_com-with-injected-EITest-script.txt   (55,904 bytes)
• 2016-12-15-page-from-whatsmybirthflower_com-with-injected-pseudoDarkleech-script.txt   (65,803 bytes)
• 2016-12-15-pseudoDarkleech-Rig-V-artifact-OTTYUADAF.txt   (1,137 bytes)
• 2016-12-15-pseudoDarkleech-Rig-V-flash-exploit.swf   (14,094 bytes)
• 2016-12-15-pseudoDarkleech-Rig-V-landing-page.txt   (90,265 bytes)
• 2016-12-15-pseudoDarkleech-Rig-V-payload-Cerber-ransomware-rad8AA1F.tmp.exe   (252,967 bytes)

 

Click here to return to the main page.