2017-09-05 - GRAB BAG

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

NOTES:

• This is what happens when you collect and review all day, but you forget to budget any time for writeups.

 

EMAILS / MALWARE / PCAPS

LOCKY RANSOMWARE INFECTION FROM NECURS BOTNET MALSPAM

• 2017-09-05-Necurs-botnet-malspam-tracker.csv.zip   2.0 kB (2,041 bytes)
• 2017-09-05-Necurs-botnet-malspam-and-Locky-ransomware-emails-and-malware.zip   2.0 MB (1,986,703 bytes)
• 2017-09-05-Necurs-botnet-malspam-pushes-Locky-ransomware-3-pcaps.zip   3.5 MB (3,500,482 bytes)

 

HANCITOR INFECTION WITH ZLOADER

• 2017-09-05-Hancitor-malspam-3-examples.zip   5.6 kB (5,620 bytes)
• 2017-09-05-malware-from-Hancitor-infection.zip   243.9 kB (243,924 bytes)
• 2017-09-05-Hancitor-infection-with-ZLoader.pcap.zip   9.5 MB (9,490,226 bytes)

 

TRICKBOT INFECTION

• 2017-09-05-Trickbot-malspam-1153-UTC.eml.zip   62.2 kB (62,156 bytes)
• 2017-09-05-malware-from-Trickbot-infection.zip   343.3 kB (343,277 bytes)
• 2017-09-05-Trickbot-infection-traffic.pcap.zip   1.2 MB (1,245,2057 bytes)

 

INFOSTEALER INFECTION FROM BRAZIL MALSPAM

• 2017-09-05-Brazil-malspam-3-examples.zip   3.7 kB (3,706 bytes)
• 2017-09-05-malware-from-Brazil-infostealer-infection.zip   22.6 MB (22,587,522 bytes)
• 2017-09-05-Brazil-infostealer-traffic.pcap.zip   12.0 MB (11,956,278 bytes)

 

INFOSTEALER INFECTION FROM BRAZIL MALSPAM - SUBJECT: SOLICITACAO DE ORCAMENTO. 05/09/2017 [HH:MM:SS]

• 2017-09-05-Brazil-malspam-Solicitacao-de-Orcamento-1320-UTC.eml.zip   2.2 kB (2,172 bytes)
• 2017-09-05-malware-from-Brazil-infostealer-infection-Solicitacao-de-Orcamento.zip   4.6 kB (4,609 bytes)
• 2017-09-05-Brazil-infostealer-traffic-Solicitacao-de-Orcamento.pcap.zip   8.9 MB (8,877,158 bytes)

• NOTE:  Follow-up malware for this is the same stuff documented in this blog post from yesterday.

 

Click here to return to the main page.