2017-06-21 - RIG EK SENDS BUNITU

NOTICE:

ASSOCIATED FILES:

  • 2017-06-21-Rig-EK-sends-Bunitu.pcap   (294,060 bytes)
  • 2017-06-21-Rig-EK-flash-exploit.swf   (16,299 bytes)
  • 2017-06-21-Rig-EK-landing-page.txt   (121,339 bytes)
  • 2017-06-21-Rig-EK-payload-Bunitu.exe   (177,498 bytes)
  • 2017-06-21-post-infection-artifact-drudppf.dll   (13,312 bytes)

 

OTHER NOTES:

 

TRAFFIC


Shown above:  Traffic from the infection filtered in Wireshark.

 

ASSOCIATED DOMAINS:

 

FILE HASHES

FLASH EXPLOITS:

MALWARE RETRIEVED FROM THE INFECTED HOST:


Shown above:  The malware payload (re-named for today's malware archive).

 


Shown above:  Windows registry update for persistence.

 

Click here to return to the main page.