2017-02-09 - PCAP AND MALWARE FOR AN ISC DIARY
NOTES:
- The associated ISC diary is for Thursday 2017-02-09: CryptoShield Ransomware from Rig EK
- ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
ASSOCIATED FILES:
- ZIP archive of the pcap: 2017-02-08-EITest-Rig-EK-sends-CryptoShield-ransomware-pcaps.zip 417 kB (416,721 bytes)
  - 2017-02-08-EITest-Rig-EK-sends-CryptoShield-ransomware-1st-run.pcap (276,939 bytes)
  - 2017-02-08-EITest-Rig-EK-sends-CryptoShield-ransomware-2nd-run.pcap (272,596 bytes)
- ZIP archive of the emails and malware: 2017-02-08-EITest-Rig-EK-sends-CryptoShield-malware-and-artifacts.zip 143 kB (143,418 bytes)
  - 2017-02-08-CryptoShield-decryption-instructions.html (2,989 bytes)
  - 2017-02-08-CryptoShield-decryption-instructions.txt (1,735 bytes)
  - 2017-02-08-EITest-Rig-EK-payload-CryptoShield-both-runs.exe (95,232 bytes)
  - 2017-02-08-EITest-Rig-EK-payload-artifact-both-runs-QTTYUADAF.txt (1,137 bytes)
  - 2017-02-08-EITest-Rig-EK-payload-flash-exploit-both-runs.swf (38,172 bytes)
  - 2017-02-08-EITest-Rig-EK-payload-landing-page-1st-run.txt (5,236 bytes)
  - 2017-02-08-EITest-Rig-EK-payload-landing-page-2nd-run.txt (5,240 bytes)
  - 2017-02-08-page-from-blog.masmovil.es-wtih-injected-EITest-script-1st-run.txt (62,113 bytes)
  - 2017-02-08-page-from-blog.masmovil.es-wtih-injected-EITest-script-2nd-run.txt (62,110 bytes)