2016-11-08 - RIG EK/RIG-V DATA DUMP


 

ASSOCIATED FILES:

  • 2016-11-08-1st-run-EITest-Rig-EK-sends-Vawtrak.pcap   (363,860 bytes)
  • 2016-11-08-2nd-run-pseudoDarkleech-RIGv-sends-Cerber.pcap   (747,480 bytes)
  • 2016-11-08-3rd-run-EITest-Rig-EK-sends-CryptFile2.pcap   (160,323 bytes)
  • 2016-11-08-4th-run-EITest-Rig-EK-sends-Terdot-or-Zloader.pcap   (226,467 bytes)
  • 2016-11-08-5th-run-pseudoDarkleech-RIGv-sends-Cerber.pcap   (620,286 bytes)
  • 2016-11-08-6th-run-EITest-Rig-EK-sends-Gootkit.pcap   (674,388 bytes)
  • 2016-11-08-1st-run-EITest-Rig-EK-flash-exploit.swf   (52,582 bytes)
  • 2016-11-08-1st-run-EITest-Rig-EK-landing-page.txt   (3,300 bytes)
  • 2016-11-08-1st-run-EITest-Rig-EK-payload-Vawtrak.exe   (184,320 bytes)
  • 2016-11-08-1st-run-page-from-cavallinomotorsport.com-with-injected-script.txt   (18,610 bytes)
  • 2016-11-08-2nd-run-page-from-radiochiclana.com-with-injected-script.txt   (29,246 bytes)
  • 2016-11-08-2nd-run-pseudoDarkleech-RIGv-flash-exploit.swf   (51,785 bytes)
  • 2016-11-08-2nd-run-pseudoDarkleech-RIGv-landing-page.txt   (5,170 bytes)
  • 2016-11-08-2nd-run-pseudoDarkleech-RIGv-payload-Cerber.exe   (533,886 bytes)
  • 2016-11-08-3rd-run-EITest-Rig-EK-flash-exploit.swf   (51,972 bytes)
  • 2016-11-08-3rd-run-EITest-Rig-EK-landing-page.txt   (3,153 bytes)
  • 2016-11-08-3rd-run-EITest-Rig-EK-payload-CryptFile2.exe   (89,088 bytes)
  • 2016-11-08-3rd-run-page-from-cavallinomotorsport.com-with-injected-script.txt   (18,641 bytes)
  • 2016-11-08-4th-run-EITest-Rig-EK-flash-exploit.swf   (52,582 bytes)
  • 2016-11-08-4th-run-EITest-Rig-EK-landing-page.txt   (3,282 bytes)
  • 2016-11-08-4th-run-EITest-Rig-EK-payload-Terdot-or-Zloader.exe   (110,453 bytes)
  • 2016-11-08-4th-run-page-from-cavallinomotorsport.com-with-injected-script.txt   (18,607 bytes)
  • 2016-11-08-5th-run-page-from-modelocontrato.net-with-injected-script.txt   (27,236 bytes)
  • 2016-11-08-5th-run-pseudoDarkleech-RIGv-flash-exploit.swf   (51,785 bytes)
  • 2016-11-08-5th-run-pseudoDarkleech-RIGv-landing-page.txt   (5,159 bytes)
  • 2016-11-08-5th-run-pseudoDarkleech-RIGv-payload-Cerber.exe   (266,494 bytes)
  • 2016-11-08-6th-run-EITest-Rig-EK-flash-exploit.swf   (52,582 bytes)
  • 2016-11-08-6th-run-EITest-Rig-EK-landing-page.txt   (3,284 bytes)
  • 2016-11-08-6th-run-EITest-Rig-EK-payload-Gootkit.exe   (244,578 bytes)
  • 2016-11-08-6th-run-page-from-cavallinomotorsport.com-with-injected-script.txt   (18,614 bytes)

 

TRAFFIC

1ST RUN:

2ND RUN:

3RD RUN:

4TH RUN:

5TH RUN:

6TH RUN:

 

FILE HASHES

FLASH EXPLOITS (SHA256 HASH - FILE NAME):

PAYLOAD (SHA256 HASH - FILE NAME):

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
