2017-05-12 - RIG EK EXAMPLES
ASSOCIATED FILES:
- Zip archive of the pcaps: 2017-05-12-Rig-EK-pcaps.zip 1.5 MB (1,490,466 bytes)
- Zip archive of the malware and artifacts: 2017-05-12-Rig-EK-malware-and-artifacts.zip 504 kB (503,862 bytes)
NOTES:
- Just documenting some Rig EK examples from the Decimal IP and Seamless campaigns.
TRAFFIC
SOME RIG EK DOMAINS SEEN ON 2017-05-12:
- 185.154.52.254 port 80 - vsa.revolution-inspire-water.com
- 185.154.52.254 port 80 - sas.siliconsantamonica.com
- 185.154.52.254 port 80 - xzx.soulbatical.co
- 185.154.53.7 port 80 - add.venicebeachsurflodge.com
- 185.154.53.7 port 80 - top.5nerds.com
MALWARE
RIG EK FLASH EXPLOIT SEEN ON 2017-05-12:
- SHA256 hash: 50e3fddf0d734a5429272088c2ea1830a033a87f47ff2f38afb5cc0ce9ed9fac
- File size: 12,965 bytes
RIG EK PAYLOADS SEEN ON 2017-05-12:
- SHA256 hash: 720a10b40e03e1a599b08a72f3673c9da862de173096a3923a91e7906a54251e
- File size: 134,656 bytes
- SHA256 hash: 0fd66826ca59b33c8f9d116c97a80e632cf87821fba6e9a3ea10321e757e41c2
- File size: 229,376 bytes
FINAL NOTES
Once again, here are the associated files:
- Zip archive of the pcaps: 2017-05-12-Rig-EK-pcaps.zip 1.5 MB (1,490,466 bytes)
- Zip archive of the malware and artifacts: 2017-05-12-Rig-EK-malware-and-artifacts.zip 504 kB (503,862 bytes)
ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.