2016-11-30 - RIG EK DATA DUMP

ASSOCIATED FILES:

  • 2016-11-29-1st-run-EITest-Rig-E-traffic.pcap   (1,005,331 bytes)
  • 2016-11-29-2nd-run-pseudoDarkleech-Rig-V-sends-Cerber.pcap   (456,397 bytes)
  • 2016-11-29-3rd-run-pseudoDarkleech-Rig-V-sends-Cerber.pcap   (496,604 bytes)
  • 2016-11-30-1st-run-pseudoDarkleech-Rig-V-sends-Cerber.pcap   (472,537 bytes)
  • 2016-11-30-2nd-run-pseudoDarkleech-Rig-V-sends-Cerber.pcap   (379,189 bytes)
  • 2016-11-30-3rd-run-EITest-Rig-E-traffic.pcap   (905,031 bytes)
  • 2016-11-29-1st-run-EITest-Rig-E-artifact-MXj6sFosp.txt   (1,137 bytes)
  • 2016-11-29-1st-run-EITest-Rig-E-flash-exploit.swf   (40,141 bytes)
  • 2016-11-29-1st-run-EITest-Rig-E-landing-page.txt   (85,248 bytes)
  • 2016-11-29-1st-run-EITest-Rig-E-payload-rad65C7C.tmp.exe   (285,696 bytes)
  • 2016-11-29-1st-run-page-from-abogadoszurbanocaracas.com-with-injected-script.txt   (15,604 bytes)
  • 2016-11-29-2nd-run-page-from-fundeun.es-with-injected-script.txt   (126,143 bytes)
  • 2016-11-29-2nd-run-psuedoDarkleech-Rig-V-artifact-MXj6sFosp.txt   (1,137 bytes)
  • 2016-11-29-2nd-run-psuedoDarkleech-Rig-V-flash-exploit.swf   (12,394 bytes)
  • 2016-11-29-2nd-run-psuedoDarkleech-Rig-V-landing-page.txt   (90,078 bytes)
  • 2016-11-29-2nd-run-psuedoDarkleech-Rig-V-payload-Cerber-rad6F670.tmp.exe   (217,323 bytes)
  • 2016-11-29-3rd-run-page-from-lavozdeltrubia.es-with-injected-script.txt   (72,753 bytes)
  • 2016-11-29-3rd-run-psuedoDarkleech-Rig-V-artifact-MXj6sFosp.txt   (1,137 bytes)
  • 2016-11-29-3rd-run-psuedoDarkleech-Rig-V-flash-exploit.swf   (12,394 bytes)
  • 2016-11-29-3rd-run-psuedoDarkleech-Rig-V-landing-page.txt   (90,068 bytes)
  • 2016-11-29-3rd-run-psuedoDarkleech-Rig-V-payload-Cerber-radC816F.tmp.exe   (265,910 bytes)
  • 2016-11-30-1st-run-page-from-immigrationsolutions.com-with-injected-script.txt   (22,110 bytes)
  • 2016-11-30-1st-run-pseudoDarkleech-Rig-V-artifact-MXj6sFosp.txt   (1,137 bytes)
  • 2016-11-30-1st-run-pseudoDarkleech-Rig-V-flash-exploit.swf   (9,884 bytes)
  • 2016-11-30-1st-run-pseudoDarkleech-Rig-V-landing-page.txt   (90,253 bytes)
  • 2016-11-30-1st-run-pseudoDarkleech-Rig-V-payload-Cerber-rad4B90E.tmp.exe   (263,794 bytes)
  • 2016-11-30-2nd-run-page-from-joellipman.com-with-injected-script.txt   (68,857 bytes)
  • 2016-11-30-2nd-run-pseudoDarkleech-Rig-V-artifact-MXj6sFosp.txt   (1,137 bytes)
  • 2016-11-30-2nd-run-pseudoDarkleech-Rig-V-flash-exploit.swf   (9,884 bytes)
  • 2016-11-30-2nd-run-pseudoDarkleech-Rig-V-landing-page.txt   (90,173 bytes)
  • 2016-11-30-2nd-run-pseudoDarkleech-Rig-V-payload-Cerber-rad5FFAA.tmp.exe   (216,997 bytes)
  • 2016-11-30-3rd-run-EITest-Rig-E-artifact-MXj6sFosp.txt   (1,137 bytes)
  • 2016-11-30-3rd-run-EITest-Rig-E-flash-exploit.swf   (40,141 bytes)
  • 2016-11-30-3rd-run-EITest-Rig-E-landing-page.txt   (85,276 bytes)
  • 2016-11-30-3rd-run-EITest-Rig-E-payload-8E5.tmp   (89,780 bytes)
  • 2016-11-30-3rd-run-page-from-abogadoszurbanocaracas.com-with-injected-script.txt   (15,601 bytes)

NOTE:

BACKGROUND ON RIG EXPLOIT KIT:

BACKGROUND ON THE EITEST CAMPAIGN:

BACKGROUND ON THE PSEUDO-DARKLEECH CAMPAIGN:

 

TRAFFIC

ASSOCIATED DOMAINS:

 

FILE HASHES

FLASH EXPLOITS (READ: SHA256 HASH - FILE NAME - FILE SIZE):

FLASH EXPLOITS (READ: SHA256 HASH - MY SAVED NAME FOR IT - FILE SIZE):

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
