2017-09-05 - GRAB BAG

NOTES:

• This is what happens when you collect and review all day, but you forget to budget ay time for writeups.
• Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

EMAILS / MALWARE / PCAPS

NECURS BOTNET MALSPAM PUSHING LOCKY RANSOMWARE - DIFFERENT SUBJECTS

• 2017-09-05-Necurs-botnet-malspam-tracker.csv.zip   2.0 kB (2,041 bytes)
• 2017-09-05-Necurs-botnet-malspam-pushing-Locky-emails-and-malware.zip   2.0 MB (1,974,587 bytes)
• 2017-09-05-Necurs-botnet-malspam-pushes-Locky-ransomware-3-pcaps.zip   3.5 MB (3,499,834 bytes)

 

HANCITOR MALSPAM - SUBJECT: USPS - HOLDMAIL CONFIRMATION [12345678]

• 2017-09-05-Hancitor-malspam-3-emails.zip   5.2 kB (5,180 bytes)
• 2017-09-05-Hancitor-malspam-malware-and-artifacts.zip   244 kB (243,538 bytes)
• 2017-09-05-Hancitor-malspam-traffic-example.pcap.zip   9.5 MB (9,490,228 bytes)

 

TRICKBOT MALSPAM - SUBJECT: EFAX

• 2017-09-05-Trickbot-malspam-email.zip   62.2 kB (62,156 bytes)
• 2017-09-05-Trickbot-malspam-malware-and-artifacts.zip   343 kB (342,805 bytes)
• 2017-09-05-Trickbot-malspam-traffic-example.pcap.zip   1.2 MB (1,245,217 bytes)

 

BRAZIL MALSPAM - SUBJECT: BOLETO ATUALIZADO: 04/09/2017

• 2017-09-04-Brazil-malspam-3-emails.zip   3.3 kB (3,282 bytes)
• 2017-09-05-Brazil-malspam-malware-and-artifacts.zip   22.6 MB (22,586,440 bytes)
• 2017-09-05-Brazil-malspam-traffic-example.pcap.zip   12.0 MB (11,956,286 bytes)

 

BRAZIL MALSPAM - SUBJECT: SOLICITACAO DE ORCAMENTO. 05/09/2017 [HH:MM:SS]

• 2017-09-05-Brazil-malspam-Solicitacao-de-Orcamento-1320-UTC.eml.zip   2.2 kB (2,172 bytes)
• 2017-09-05-Brazil-malspam-Solicitacao-de-Orcamento-malware.zip   3.9 kB (3,857 bytes)
• 2017-09-05-Brazil-malspam-Solicitacao-de-Orcamento-traffic-example.pcap.zip   8.9 MB (8,877,166 bytes)
• NOTE:  Follow-up malware for this is the same stuff documented in this blog post from yesterday.

 

Click here to return to the main page.