2017-12-29 - TRAFFIC, EMAIL, AND MALWARE SAMPLES FROM 3 DAYS OF NECURS BOTNET MALSPAM

ASSOCIATED FILES:

  • 2017-12-29-Necurs-Botnet-malspam-tracker.csv   (8,810 bytes)
  • 2017-12-27-Necurs-Botnet-malspam-traffic.pcap   (150,599 bytes)
  • 2017-12-28-Necurs-Botnet-malspam-traffic.pcap   (321,812 bytes)
  • 2017-12-29-Necurs-Botnet-malspam-traffic.pcap   (230,785 bytes)
  • artifacts-and-malware / 2017-12-27-GlobImposter-Read___ME.html   (4,220 bytes)
  • artifacts-and-malware / 2017-12-27-GlobImposter-artifact-tmp368A.tmp.bat.txt   (445 bytes)
  • artifacts-and-malware / 2017-12-27-GlobImposter-decryptor-style.css   (1,930 bytes)
  • artifacts-and-malware / 2017-12-27-GlobImposter-decryptor.html   (9,496 bytes)
  • artifacts-and-malware / 2017-12-27-GlobImposter-ransomware.exe   (155,648 bytes)
  • artifacts-and-malware / 2017-12-28-GlobImposter-Read___ME.html   (4,220 bytes)
  • artifacts-and-malware / 2017-12-28-GlobImposter-artifact-tmp2164.tmp.bat.txt   (445 bytes)
  • artifacts-and-malware / 2017-12-28-GlobImposter-decryptor.html   (9,463 bytes)
  • artifacts-and-malware / 2017-12-28-GlobImposter-ransomware.exe   (238,080 bytes)
  • artifacts-and-malware / 2017-12-29-GlobImposter-Read___ME.html   (4,220 bytes)
  • artifacts-and-malware / 2017-12-29-GlobImposter-artifact-tmp6872.tmp.bat.txt   (445 bytes)
  • artifacts-and-malware / 2017-12-29-GlobImposter-decryptor.html   (9,473 bytes)
  • artifacts-and-malware / 2017-12-29-GlobImposter-ransomware.exe   (236,032 bytes)
  • attachments / CCE28122017_000823.7z   (2,020 bytes)
  • attachments / CCE28122017_001211.7z   (2,016 bytes)
  • attachments / CCE28122017_001997.7z   (2,022 bytes)
  • attachments / CCE28122017_002173.7z   (2,012 bytes)
  • attachments / CCE28122017_003947.7z   (2,027 bytes)
  • attachments / CCE28122017_004407.7z   (2,015 bytes)
  • attachments / CCE28122017_004413.7z   (2,015 bytes)
  • attachments / CCE28122017_004928.7z   (2,028 bytes)
  • attachments / CCE28122017_007792.7z   (2,009 bytes)
  • attachments / CCE28122017_009548.7z   (2,017 bytes)
  • attachments / Copy_72220737.7z   (1,972 bytes)
  • attachments / Copy_74025343.7z   (3,980 bytes)
  • attachments / Copy_98040.7z   (1,963 bytes)
  • attachments / Document_88529849.7z   (3,995 bytes)
  • attachments / File_01059868.7z   (1,971 bytes)
  • attachments / File_348087.7z   (1,963 bytes)
  • attachments / File_51835.7z   (4,003 bytes)
  • attachments / File_71456185.7z   (4,017 bytes)
  • attachments / Invoice_4819463.7z   (3,982 bytes)
  • attachments / Invoice_7289779.7z   (3,983 bytes)
  • attachments / Invoice_7846647.7z   (3,995 bytes)
  • attachments / Invoice_8077025.7z   (3,995 bytes)
  • attachments / PDF_4704.7z   (1,973 bytes)
  • attachments / PDF_575483.7z   (3,967 bytes)
  • attachments / PDF_69898.7z   (1,955 bytes)
  • attachments / PDF_98306.7z   (3,967 bytes)
  • attachments / Scan_0012.7z   (3,976 bytes)
  • attachments / Scan_0025.7z   (3,992 bytes)
  • attachments / Scan_0045.7z   (3,963 bytes)
  • attachments / Scan_00689.7z   (4,014 bytes)
  • attachments / Scan_007870.7z   (3,996 bytes)
  • attachments / Scan_009876.7z   (3,992 bytes)
  • attachments / Scan_130751.7z   (1,959 bytes)
  • attachments / pdf_76644126.7z   (3,998 bytes)
  • attachments / Scan_8918.7z   (1,969 bytes)
  • emails / 2017-12-27-Necurs-Botnet-malspam-1058-UTC.eml   (6,313 bytes)
  • emails / 2017-12-27-Necurs-Botnet-malspam-1118-UTC.eml   (6,316 bytes)
  • emails / 2017-12-27-Necurs-Botnet-malspam-1154-UTC.eml   (6,326 bytes)
  • emails / 2017-12-27-Necurs-Botnet-malspam-1222-UTC.eml   (6,323 bytes)
  • emails / 2017-12-27-Necurs-Botnet-malspam-1549-UTC.eml   (6,212 bytes)
  • emails / 2017-12-27-Necurs-Botnet-malspam-1553-UTC.eml   (6,148 bytes)
  • emails / 2017-12-27-Necurs-Botnet-malspam-1557-UTC.eml   (6,202 bytes)
  • emails / 2017-12-27-Necurs-Botnet-malspam-1606-UTC.eml   (6,257 bytes)
  • emails / 2017-12-27-Necurs-Botnet-malspam-1736-UTC.eml   (6,178 bytes)
  • emails / 2017-12-27-Necurs-Botnet-malspam-1748-UTC.eml   (6,207 bytes)
  • emails / 2017-12-27-Necurs-Botnet-malspam-1842-UTC.eml   (6,215 bytes)
  • emails / 2017-12-27-Necurs-Botnet-malspam-1928-UTC.eml   (6,131 bytes)
  • emails / 2017-12-28-Necurs-Botnet-malspam-1032-UTC.eml   (3,764 bytes)
  • emails / 2017-12-28-Necurs-Botnet-malspam-1054-UTC.eml   (3,750 bytes)
  • emails / 2017-12-28-Necurs-Botnet-malspam-1118-UTC.eml   (3,750 bytes)
  • emails / 2017-12-28-Necurs-Botnet-malspam-1147-UTC.eml   (3,733 bytes)
  • emails / 2017-12-28-Necurs-Botnet-malspam-1158-UTC.eml   (3,724 bytes)
  • emails / 2017-12-28-Necurs-Botnet-malspam-1219-UTC.eml   (3,720 bytes)
  • emails / 2017-12-28-Necurs-Botnet-malspam-1245-UTC.eml   (3,729 bytes)
  • emails / 2017-12-28-Necurs-Botnet-malspam-1307-UTC.eml   (3,743 bytes)
  • emails / 2017-12-28-Necurs-Botnet-malspam-1328-UTC.eml   (3,727 bytes)
  • emails / 2017-12-28-Necurs-Botnet-malspam-1409-UTC.eml   (3,746 bytes)
  • emails / 2017-12-28-Necurs-Botnet-malspam-1710-UTC.eml   (3,519 bytes)
  • emails / 2017-12-28-Necurs-Botnet-malspam-1723-UTC.eml   (3,513 bytes)
  • emails / 2017-12-28-Necurs-Botnet-malspam-1751-UTC.eml   (3,481 bytes)
  • emails / 2017-12-28-Necurs-Botnet-malspam-1759-UTC.eml   (3,529 bytes)
  • emails / 2017-12-28-Necurs-Botnet-malspam-1806-UTC.eml   (3,499 bytes)
  • emails / 2017-12-28-Necurs-Botnet-malspam-1829-UTC.eml   (3,503 bytes)
  • emails / 2017-12-28-Necurs-Botnet-malspam-1852-UTC.eml   (3,489 bytes)
  • emails / 2017-12-29-Necurs-Botnet-malspam-0944-UTC.eml   (6,342 bytes)
  • emails / 2017-12-29-Necurs-Botnet-malspam-1042-UTC.eml   (6,358 bytes)
  • emails / 2017-12-29-Necurs-Botnet-malspam-1059-UTC.eml   (6,327 bytes)
  • emails / 2017-12-29-Necurs-Botnet-malspam-1153-UTC.eml   (6,360 bytes)
  • emails / 2017-12-29-Necurs-Botnet-malspam-1202-UTC.eml   (6,361 bytes)
  • emails / 2017-12-29-Necurs-Botnet-malspam-1411-UTC.eml   (6,398 bytes)
  • extracted-files / CCE28122017_001315.vbs   (4,916 bytes)
  • extracted-files / CCE28122017_001978.vbs   (4,860 bytes)
  • extracted-files / CCE28122017_002133.vbs   (4,859 bytes)
  • extracted-files / CCE28122017_002581.vbs   (4,943 bytes)
  • extracted-files / CCE28122017_005204.vbs   (5,052 bytes)
  • extracted-files / CCE28122017_005591.vbs   (4,817 bytes)
  • extracted-files / CCE28122017_006984.vbs   (4,828 bytes)
  • extracted-files / CCE28122017_007021.vbs   (5,069 bytes)
  • extracted-files / CCE28122017_008267.vbs   (4,792 bytes)
  • extracted-files / CCE28122017_008328.vbs   (4,765 bytes)
  • extracted-files / Copy_64549058.vbs   (4,611 bytes)
  • extracted-files / Copy_76949395.vbs   (4,660 bytes)
  • extracted-files / Copy_99086522.vbs   (4,526 bytes)
  • extracted-files / Copy_99849248.vbs   (4,663 bytes)
  • extracted-files / Document_11822740.js   (14,900 bytes)
  • extracted-files / Document_22998278.js   (14,434 bytes)
  • extracted-files / File_21819165.js   (14,429 bytes)
  • extracted-files / File_25178176.js   (14,691 bytes)
  • extracted-files / File_42284200.js   (14,224 bytes)
  • extracted-files / File_47807968.vbs   (4,753 bytes)
  • extracted-files / File_74973378.vbs   (4,698 bytes)
  • extracted-files / Invoice_4884967.js   (14,255 bytes)
  • extracted-files / Invoice_9068713.js   (13,804 bytes)
  • extracted-files / Invoice_9616548.js   (14,006 bytes)
  • extracted-files / PDF_20057765.js   (15,347 bytes)
  • extracted-files / PDF_2457326.vbs   (4,565 bytes)
  • extracted-files / PDF_6342214.vbs   (4,515 bytes)
  • extracted-files / Scan_003397.js   (14,526 bytes)
  • extracted-files / Scan_00471.js   (14,519 bytes)
  • extracted-files / Scan_006648.js   (14,738 bytes)
  • extracted-files / Scan_007133.js   (14,737 bytes)
  • extracted-files / Scan_009146.js   (13,831 bytes)
  • extracted-files / Scan_009738.js   (13,825 bytes)
  • extracted-files / Scan_38097849.js   (14,447 bytes)

 

FINAL NOTES

Zip files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
