2017-09-15 - BLANK SLATE CAMPAIGN PUSHES LOCKY RANSOMWARE

NOTICE:

ASSOCIATED FILES:

SOME BACKGROUND:

TODAY'S NOTES:


EMAILS


Shown above:  Screenshot from the spreadsheet tracker.



Shown above:  Screenshot from one of the emails.


EMAILS COLLECTED:


TRAFFIC


Shown above:  Example of the infection traffic filtered in Wireshark.


URLS FROM THE WORD MACROS TO DOWNLOAD FOLLOW-UP MALWARE (LOCKY RANSOMWARE):

POST-INFECTION IP ADDRESSES (SAW ATTEMPTED TCP CONNECTIONS BUT NO HTTP TRAFFIC):

USUAL TOR DOMAIN FOR THE LOCKY DECRYPTOR:


ASSOCIATED FILES


Shown above:  Example of an attachment from one of the emails.


ATTACHED WORD DOCUMENTS:


FOLLOW-UP MALWARE (LOCKY RANSOMWARE):


IMAGES


Shown above:  Desktop of an infected Windows host.



Shown above:  The Locky decryptor showing today's ransom cost.

