2016-11-16 - EITEST CAMPAIGN SUNDOWN EK

ASSOCIATED FILES:

  • 2016-11-16-5th-run-EITest-Sudnown-EK.pcap   (277,078 bytes)
  • 2016-11-16-5th-run-Sundown-EK-flash-exploit-1-of-2.swf   (22,693 bytes)
  • 2016-11-16-5th-run-Sundown-EK-flash-exploit-2-of-2.swf   (33,591 bytes)
  • 2016-11-16-5th-run-Sundown-EK-landing-page.txt   (304,719 bytes)
  • 2016-11-16-5th-run-Sundown-EK-payload.exe   (12,288 bytes)
  • 2016-11-16-5th-run-Sundown-EK-silverlight-exploit.zip   (20,412 bytes)
  • 2016-11-16-5th-run-page-from-cavallinomotorsport.com-with-injected-EITest-script.txt   (18,505 bytes)

 

NOTES:


Shown above:  Flowchart for this infection traffic.

 

TRAFFIC


Shown above:  Injected script from the EITest campaign in a page from the compromised site.


Shown above:  Infection traffic filtered in Wireshark.
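The Wireshark view above is the usual "http.request" display filter applied to the capture. As an added example (not part of the original post or its associated files), the following stand-alone Python script does the same narrowing without Wireshark: it walks a classic libpcap file, keeps IPv4/TCP segments whose payload starts an HTTP request, and prints source, destination, method, Host header and URI. It assumes Ethernet framing (link type 1) and requests that fit in one segment; the pcap it builds for its own demonstration is constructed here with RFC 5737 addresses and ".example" hostnames, not traffic from the capture on this page.

```python
"""List HTTP requests from a pcap, like Wireshark's http.request filter.

Added example; the sample capture built below is constructed, not real traffic.
"""
import struct
import sys

LINKTYPE_ETHERNET = 1
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ")


def _ipv4(addr: bytes) -> str:
    return ".".join(str(b) for b in addr)


def _parse_http_request(payload: bytes):
    """Return (method, host, uri) if payload begins an HTTP request, else None."""
    if not payload.startswith(HTTP_METHODS):
        return None
    head = payload.partition(b"\r\n\r\n")[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    host = ""
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("latin-1")
            break
    return parts[0].decode("latin-1"), host, parts[1].decode("latin-1")


def http_requests(pcap: bytes):
    """Yield (src_ip, dst_ip, method, host, uri) for each TCP segment whose
    payload starts an HTTP request. Classic pcap, Ethernet link type only;
    no TCP reassembly, so requests split across segments are not seen."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):      # written little-endian
        endian = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):    # written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                            # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack("!H", frame[16:18])[0]
        if frame[23] != 6:
            continue                            # not TCP (e.g. DNS over UDP)
        src, dst = _ipv4(frame[26:30]), _ipv4(frame[30:34])
        tcp = frame[14 + ihl:14 + total_len]
        if len(tcp) < 20:
            continue
        data_off = (tcp[12] >> 4) * 4
        req = _parse_http_request(tcp[data_off:])
        if req:
            yield (src, dst, *req)


# --- constructed sample capture (checksums left zero; parser ignores them) ---
def _tcp(sport: int, dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload


def _frame(src: str, dst: str, proto: int, l4: bytes) -> bytes:
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(int(x) for x in src.split(".")),
                     bytes(int(x) for x in dst.split(".")))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4


def _record(frame: bytes) -> bytes:
    return struct.pack("<IIII", 1479254400, 0, len(frame), len(frame)) + frame


def build_sample_pcap() -> bytes:
    """Victim fetches a page from a compromised site, then the EK gate;
    the response and a UDP datagram are there to be filtered out."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    victim, site, gate = "192.0.2.10", "198.51.100.20", "203.0.113.30"
    return hdr + b"".join(_record(f) for f in (
        _frame(victim, site, 6, _tcp(49152, 80,
               b"GET /index.html HTTP/1.1\r\nHost: compromised.example\r\n\r\n")),
        _frame(site, victim, 6, _tcp(80, 49152,
               b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>")),
        _frame(victim, gate, 6, _tcp(49153, 80,
               b"GET /landing HTTP/1.1\r\nHost: ek-gate.example\r\n\r\n")),
        _frame(victim, site, 17, b"\x00\x35\x00\x35\x00\x08\x00\x00"),
    ))


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    for src, dst, method, host, uri in http_requests(data):
        print(f"{src} -> {dst}  {method} {host}{uri}")
```

Run it with the pcap path as the only argument; with no argument it lists the two requests from its built-in sample. Because there is no TCP reassembly, a request whose headers span several segments shows up only if the first segment already carries the method and Host line; for the full picture, or for a pcapng or non-Ethernet capture, fall back to Wireshark or tshark.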

 

ASSOCIATED DOMAINS:

 

FILE HASHES

EXPLOITS:

PAYLOAD:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
