2017-05-12 - RIG EK EXAMPLES

ASSOCIATED FILES:

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

• 2017-05-12-Rig-EK-traffic-5-pcaps.zip   1.5 MB (1,490,466 bytes)
• 2017-05-12-Rig-EK-malware-and-artifacts.zip   504 kB (503,862 bytes)

NOTES:

• JDocumenting some Rig EK examples from the Decimal IP and Seamless campaigns.

 

TRAFFIC

 

SOME RIG EK DOMAINS SEEN ON 2017-05-12:

• 185.154.52[.]254 port 80 - vsa.revolution-inspire-water[.]com
• 185.154.52[.]254 port 80 - sas.siliconsantamonica[.]com
• 185.154.52[.]254 port 80 - xzx.soulbatical[.]co
• 185.154.53[.]7 port 80 - add.venicebeachsurflodge[.]com
• 185.154.53[.]7 port 80 - top.5nerds[.]com

 

MALWARE

RIG EK FLASH EXPLOIT SEEN ON 2017-05-12:

• SHA256 hash:  50e3fddf0d734a5429272088c2ea1830a033a87f47ff2f38afb5cc0ce9ed9fac
• File size:  12,965 bytes

 

RIG EK PAYLOADS SEEN ON 2017-05-12:

• SHA256 hash:  720a10b40e03e1a599b08a72f3673c9da862de173096a3923a91e7906a54251e
• File size:  134,656 bytes

• SHA256 hash:  0fd66826ca59b33c8f9d116c97a80e632cf87821fba6e9a3ea10321e757e41c2
• File size:  229,376 bytes

 

Click here to return to the main page.