2016-12-16 - PCAP AND MALWARE FOR AN ISC DIARY

NOTES:

• The associated ISC diary is for Friday 2016-12-16:  One, if by email, and two, if by EK: The Cerbers are coming!
• ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

ASSOCIATED FILES:

• ZIP archive of the pcaps:  2016-12-16-ISC-diary-pcaps.zip   751 kB (750,810 bytes)

• 2016-12-15-EITest-Rig-V-sends-Cerber-ransomware.pcap   (593,828 bytes)
• 2016-12-15-pseudoDarkleech-Rig-V-sends-Cerber-ransomware.pcap   (388,679 bytes)

• ZIP archive of the malware and artifacts:  2016-12-16-ISC-diary-malware-and-artifacts.zip   995 kB (994,602 bytes)

• 2016-12-15-Cerber-decryption-instructions_README_1C5Z3Y_.hta   (66,409 bytes)
• 2016-12-15-Cerber-decryption-instructions_README_1C5Z3Y_.jpg   (184,026 bytes)
• 2016-12-15-Cerber-decryption-instructions_README_QF6BOBL_.hta   (66,409 bytes)
• 2016-12-15-Cerber-decryption-instructions_README_QF6BOBL_.jpg   (189,600 bytes)
• 2016-12-15-EITest-Rig-V-artifact-OTTYUADAF.txt   (1,137 bytes)
• 2016-12-15-EITest-Rig-V-flash-exploit.swf   (14,094 bytes)
• 2016-12-15-EITest-Rig-V-landing-page.txt   (30,525 bytes)
• 2016-12-15-EITest-Rig-V-payload-Cerber-rad8DE79.tmp.exe   (245,715 bytes)
• 2016-12-15-page-from-dataproec.com-with-injected-EITest-script.txt   (55,904 bytes)
• 2016-12-15-page-from-whatsmybirthflower.com-with-injected-pseudoDarkleech-script.txt   (65,803 bytes)
• 2016-12-15-pseudoDarkleech-Rig-V-artifact-OTTYUADAF.txt   (1,137 bytes)
• 2016-12-15-pseudoDarkleech-Rig-V-flash-exploit.swf   (14,094 bytes)
• 2016-12-15-pseudoDarkleech-Rig-V-landing-page.txt   (90,265 bytes)
• 2016-12-15-pseudoDarkleech-Rig-V-payload-Cerber-rad8AA1F.tmp.exe   (252,967 bytes)

 

Click here to return to the main page.