2017-08-25 - SEAMLESS CAMPAIGN RIG EK SENDS RAMNIT

NOTICE:

ASSOCIATED FILES:

  • 2017-08-25-Seamless-campaign-Rig-EK-sends-Ramnit.pcap   (959,167 bytes)
  • 2017-08-25-194.58.40_48-signu4.php.txt   (328 bytes)
  • 2017-08-25-Rig-EK-artifacts-o32.tmp.txt   (1,141 bytes)
  • 2017-08-25-Rig-EK-flash-exploit.swf   (14,679 bytes)
  • 2017-08-25-Rig-EK-landing-page.txt   (122,438 bytes)
  • 2017-08-25-Seamless-campaign-Rig-EK-payload-Ramnit.exe   (288,256 bytes)

 

TRAFFIC


Shown above:  Traffic from the infection filtered in Wireshark.

 

ASSOCIATED DOMAINS:

 

FILE HASHES

RIG EK FLASH EXPLOIT:

MALWARE RETRIEVED FROM THE INFECTED HOST:

 

Click here to return to the main page.