2018-04-13 - DATA DUMP (EMOTET, FORMBOOK, GANDCRAB, LOKIBOT)

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

 

2018-04-11 - FORMBOOK:

• Flow:  Email --> RTF doc --> Formbook EXE

• 2018-04-11-Formbook-malspam-0829-UTC.eml.zip   7.0 kB (6,969 bytes)
• 2018-04-11-Formbook-malware.zip   257 kB (256,504 bytes)
• 2018-04-11-Formbook-infection-traffic.pcap.zip   2.4 MB (2,385,112 bytes)

 

2018-04-11 - LOKIBOT:

• Flow:  Email --> DAA archive --> Lokibot EXE

• 2018-04-11-Lokibot-malspam-1054-UTC.eml.zip   377 kB (376,576 bytes)
• 2018-04-11-Lokibot-infection-traffic.pcap.zip   7.4 kB (7,352 bytes)
• 2018-04-11-Lokibot-malware.zip   716 kB (716,186 bytes)

 

2018-04-12 - EMOTET:

• Flow:  Email --> link --> Word doc --> enable macros --> Emotet EXE

• 2018-04-11-Emotet-malspam-1249-UTC.eml.zip   1.0 kB (953 bytes)
• 2018-04-12-Emotet-infection-traffic.pcap.zip   380 kB (380,114 bytes)
• 2018-04-12-Emotet-malware.zip   163 kB (163,222 bytes)

 

2018-04-13 - GANDCRAB FROM "ZERO-GAND" MALSPAM:

• Flow:  Email --> Zip attachment --> VBS file --> GandCrab ransomware

• 2018-04-13-Zero-Gand-malspam-1231-UTC.eml.zip   149 kB (149,153 bytes)
• 2018-04-13-GandCrab-infection-traffic.pcap.zip   448 kB (447,682 bytes)
• 2018-04-13-malware-from-GandCrab-infection.zip   496 kB (496,269 bytes)

 

2018-04-13 - FORMBOOK:

• Flow:  Email --> Zip attachment --> Extracted Formbook EXE

• 2018-04-13-Formbook-malspam-1653-UTC.eml.zip   (252 kB (252,479 bytes)
• 2018-04-13-Formbook-malware.zip   484 kB (484,465 bytes)
• 2018-04-13-Formbook-infection-traffic.pcap.zip   2.5 MB (2,500,794 bytes)

 

Click here to return to the main page.