2018-03-15 - QUICK POST: RIG EK SENDS GANDCRAB RANSOMWARE
ASSOCIATED FILES:
- Zip archive of the traffic: 2018-03-15-Rig-EK-traffic.pcap.zip 271 kB (270,753 bytes)
- 2018-03-15-Rig-EK-traffic.pcap (279,647 bytes)
- Zip archive of the associated malware and artifacts: 2018-03-15-Rig-EK-malware-and-artifacts.zip 226 kB (226,065 bytes)
- 2018-03-15-Rig-EK-artifacts-u32.tmp.txt (1,141 bytes)
- 2018-03-15-Rig-EK-flash-exploit.swf (15,951 bytes)
- 2018-03-15-Rig-EK-landing-page.txt (95,708 bytes)
- 2018-03-15-Rig-EK-payload-GandCrab-ransomware.exe (217,608 bytes)
NOTES:
- This example only contains the Rig EK traffic (no pre- or post-infection activity).
- Not sure which campaign this is from.
- Unfortunately, I cannot share the traffic leading up to this example.
- It didn't look like any of the usual campaigns I've run across before, so I doubt it's from the Fobos, HookAds, or Seamless campaigns.
Zip archives are password-protected with the standard password. If you don't know it, look at the "about" page of this website.