2017-02-09 - PCAP AND MALWARE FOR AN ISC DIARY

NOTES:

• The associated ISC diary is for Thursday 2017-02-09:  CryptoShield Ransomware from Rig EK
• ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

ASSOCIATED FILES:

• ZIP archive of the pcap:  2017-02-08-EITest-Rig-EK-sends-CryptoShield-ransomware-pcaps.zip   417 kB (416,721 bytes)

• 2017-02-08-EITest-Rig-EK-sends-CryptoShield-ransomware-1st-run.pcap   (276,939 bytes)
• 2017-02-08-EITest-Rig-EK-sends-CryptoShield-ransomware-2nd-run.pcap   (272,596 bytes)

• ZIP archive of the emails and malware:  2017-02-08-EITest-Rig-EK-sends-CryptoShield-malware-and-artifacts.zip   143 kB (143,418 bytes)

• 2017-02-08-CryptoShield-decryption-instructions.html   (2,989 bytes)
• 2017-02-08-CryptoShield-decryption-instructions.txt   (1,735 bytes)
• 2017-02-08-EITest-Rig-EK-payload-CryptoShield-both-runs.exe   (95,232 bytes)
• 2017-02-08-EITest-Rig-EK-payload-artifact-both-runs-QTTYUADAF.txt   (1,137 bytes)
• 2017-02-08-EITest-Rig-EK-payload-flash-exploit-both-runs.swf   (38,172 bytes)
• 2017-02-08-EITest-Rig-EK-payload-landing-page-1st-run.txt   (5,236 bytes)
• 2017-02-08-EITest-Rig-EK-payload-landing-page-2nd-run.txt   (5,240 bytes)
• 2017-02-08-page-from-blog.masmovil.es-wtih-injected-EITest-script-1st-run.txt   (62,113 bytes)
• 2017-02-08-page-from-blog.masmovil.es-wtih-injected-EITest-script-2nd-run.txt   (62,110 bytes)

 

Click here to return to the main page.