2017-09-05 - GRAB BAG
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
NOTES:
- This is what happens when you collect and review all day, but you forget to budget any time for writeups.
EMAILS / MALWARE / PCAPS
LOCKY RANSOMWARE INFECTION FROM NECURS BOTNET MALSPAM
- 2017-09-05-Necurs-botnet-malspam-tracker.csv.zip 2.0 kB (2,041 bytes)
- 2017-09-05-Necurs-botnet-malspam-and-Locky-ransomware-emails-and-malware.zip 2.0 MB (1,986,703 bytes)
- 2017-09-05-Necurs-botnet-malspam-pushes-Locky-ransomware-3-pcaps.zip 3.5 MB (3,500,482 bytes)
HANCITOR INFECTION WITH ZLOADER
- 2017-09-05-Hancitor-malspam-3-examples.zip 5.6 kB (5,620 bytes)
- 2017-09-05-malware-from-Hancitor-infection.zip 243.9 kB (243,924 bytes)
- 2017-09-05-Hancitor-infection-with-ZLoader.pcap.zip 9.5 MB (9,490,226 bytes)
TRICKBOT INFECTION
- 2017-09-05-Trickbot-malspam-1153-UTC.eml.zip 62.2 kB (62,156 bytes)
- 2017-09-05-malware-from-Trickbot-infection.zip 343.3 kB (343,277 bytes)
- 2017-09-05-Trickbot-infection-traffic.pcap.zip 1.2 MB (1,245,2057 bytes)
INFOSTEALER INFECTION FROM BRAZIL MALSPAM
- 2017-09-05-Brazil-malspam-3-examples.zip 3.7 kB (3,706 bytes)
- 2017-09-05-malware-from-Brazil-infostealer-infection.zip 22.6 MB (22,587,522 bytes)
- 2017-09-05-Brazil-infostealer-traffic.pcap.zip 12.0 MB (11,956,278 bytes)
INFOSTEALER INFECTION FROM BRAZIL MALSPAM - SUBJECT: SOLICITACAO DE ORCAMENTO. 05/09/2017 [HH:MM:SS]
- 2017-09-05-Brazil-malspam-Solicitacao-de-Orcamento-1320-UTC.eml.zip 2.2 kB (2,172 bytes)
- 2017-09-05-malware-from-Brazil-infostealer-infection-Solicitacao-de-Orcamento.zip 4.6 kB (4,609 bytes)
- 2017-09-05-Brazil-infostealer-traffic-Solicitacao-de-Orcamento.pcap.zip 8.9 MB (8,877,158 bytes)
- NOTE: Follow-up malware for this is the same stuff documented in this blog post from yesterday.