2018-04-13 - QUICK POST: MALSPAM AND TRAFFIC DUMP

Zip archives are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

 

2018-04-11 - FORMBOOK MALSPAM:

• Flow:  Email --> RTF doc --> Formbook binary

• 2018-04-11-Formbook-malspam-0829-UTC.eml.zip   7.0 kB (6,969 bytes)
• 2018-04-11-Formbook-malspam-RTF-doc-and-Formbook-binary.zip   256 kB (256,208 bytes)
• 2018-04-11-Formbook-malspam-infection-traffic.pcap.zip   2.4 MB (2,385,128 bytes)

 

2018-04-11 - LOKI-BOT MALSPAM:

• Flow:  Email --> DAA archive --> Loki-Bot binary

• 2018-04-11-Lokibot-malspam-1054-UTC.eml.zip   377 kB (376576 bytes)
• 2018-04-11-Lokibot-malspam-infection-traffic.pcap.zip   7.4 kB (7368 bytes)
• 2018-04-11-daa-archive-and-extracted-Lokibot-binary.zip   716 kB (715896 bytes)

 

2018-04-12 - EMOTET MALSPAM:

• Flow:  Email --> link --> Word doc --> enable macros --> Emotet binary

• 2018-04-11-Emotet-malspam-1249-UTC.eml.zip   1.0 kB (953 bytes)
• 2018-04-12-Emotet-malspam-infection-traffic.pcap.zip   380 kB (380,130 bytes)
• 2018-04-12-Emotet-word-doc-and-binary.zip   163 kB (162,938 bytes)

 

2018-04-13 - ZERO-GAND MALSPAM:

• Flow:  Email --> Zip attachment --> VBS file --> GandCrab ransomware

• 2018-04-13-Zero-Gand-malspam-1231-UTC.eml.zip   149 kB (149,153 bytes)
• 2018-04-13-Zero-Gand-malspam-infection-traffic.pcap.zip   448 kB (447,700 bytes)
• 2018-04-13-Zero-Gand-malspam-malware-and-artifacts.zip   496 kB (495,711 bytes)

 

2018-04-13 - FORMBOOK MALSPAM:

• Flow:  Email --> Zip attachment --> Extracted Formbook binary

• 2018-04-13-Formbook-malspam-1653-UTC.eml.zip   (252 kB (252,479 bytes)
• 2018-04-13-Formbook-malspam-artifacts.zip   484 kB (484,169 bytes)
• 2018-04-13-Formbook-malspam-infection-traffic.pcap.zip   2.5 MB (2,500,810 bytes)

 

Click here to return to the main page.