2019-08-02 - QUICK POST: LORD EK SENDS ERIS RANSOMWARE

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2019-08-02-Lord-EK-sends-Eris-Ransomware.pcap.zip   1.8 MB (1,844,266 bytes)
• 2019-08-02-Lord-EK-sends-Eris-Ransomware-malware-and-artifacts.zip   1.8 MB (1,787,754 bytes)

NOTES:

• Lord Exploit Kit (EK) was first reported by @adrian__luca yesterday through this tweet.
• According to @jeromesegura, this EK has changed since it was first seen, so here's another example to follow-up on my post from yesterday.

 

Shown above:  Traffic from the infection filtered in Wireshark.

 

Shown above:  Screenshot of an infected Windows desktop.

 

Shown above:  Going to the Eris decryptor (1 of 2).

 

Shown above:  Going to the Eris decryptor (2 of 2).

 

Click here to return to the main page.