2019-08-23 - DATA DUMP (GOZI/ISFB/URSNIF, RIG EK, NETWIRE RAT)

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

GOZI/ISFB (URSNIF) INFECTION WITH AZORULT:

• 2019-08-23-malspam-pushing-Ursnif.eml.zip   55.7 kB (55,686 bytes)
• 2019-08-23-Ursnif-infection-with-AZORult.pcap.zip   3.9 MB (3,868,767 bytes)
• 2019-08-23-malware-from-Ursnif-infection.zip   335 kB (334,527 bytes)

RIG EK --> DANABOT:

• 2019-08-23-Rig-EK-sends-Danabot.pcap.zip   16.5 MB (16,452,510 bytes)
• 2019-08-23-Rig-EK-and-Danabot-malware-and-artifacts.zip   561 kB (561,487 bytes)

RIG EK --> AMADEY --> DANABOT:

• 2019-08-23-second-run-Rig-EK-sends-Amadey.pcap.zip   20.7 MB (20,664,431 bytes)
• 2019-08-23-second-run-Rig-EK-sends-Amadey-malware.zip   3.3 MB (3,305,266 bytes)

MALSPAM PUSHES NETWIRE RAT:

• 2019-08-23-malspam-pushing-Netwire-RAT-0709-UTC.eml.zip   133 kB (132,713 bytes)
• 2019-08-23-Netwire-RAT-infection.pcap.zip   302 kB (302,187 bytes)
• 2019-08-23-Netwire-RAT-malware.zip   332 kB (332,497 bytes)

 

Click here to return to the main page.