2017-05-12 - RIG EK EXAMPLES

ASSOCIATED FILES:

• Zip archive of the pcaps:  2017-05-12-Rig-EK-pcaps.zip   1.5 MB (1,490,466 bytes)
• Zip archive of the malware and artifacts:  2017-05-12-Rig-EK-malware-and-artifacts.zip   504 kB (503,862 bytes)

NOTES:

• Just documenting some Rig EK examples from the Decimal IP and Seamless campaigns.

 

TRAFFIC

 

SOME RIG EK DOMAINS SEEN ON 2017-05-12:

• 185.154.52.254 port 80 - vsa.revolution-inspire-water.com
• 185.154.52.254 port 80 - sas.siliconsantamonica.com
• 185.154.52.254 port 80 - xzx.soulbatical.co
• 185.154.53.7 port 80 - add.venicebeachsurflodge.com
• 185.154.53.7 port 80 - top.5nerds.com

 

MALWARE

RIG EK FLASH EXPLOIT SEEN ON 2017-05-12:

• SHA256 hash:  50e3fddf0d734a5429272088c2ea1830a033a87f47ff2f38afb5cc0ce9ed9fac
• File size:  12,965 bytes

 

RIG EK PAYLOADS SEEN ON 2017-05-12:

• SHA256 hash:  720a10b40e03e1a599b08a72f3673c9da862de173096a3923a91e7906a54251e
• File size:  134,656 bytes

• SHA256 hash:  0fd66826ca59b33c8f9d116c97a80e632cf87821fba6e9a3ea10321e757e41c2
• File size:  229,376 bytes

 

FINAL NOTES

Once again, here are the associated files:

• Zip archive of the pcaps:  2017-05-12-Rig-EK-pcaps.zip   1.5 MB (1,490,466 bytes)
• Zip archive of the malware and artifacts:  2017-05-12-Rig-EK-malware-and-artifacts.zip   504 kB (503,862 bytes)

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

Click here to return to the main page.