2016-04-23 - FILES FOR AN ISC DIARY

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

NOTES:

• This is Angler EK/Bedep/CryptXXX ransomware traffic I recorded on Saturday 2016-04-23 from approximately 02:28 UTC.
• The associated ISC diary is here.

 

ASSOCIATED FILES:

• 2016-04-23-pcap-for-ISC-diary.pcap.zip  3.9 MB (3,853,560 bytes)

• 2016-04-23-pcap-for-ISC-diary.pcap   (4,134,884 bytes)

• 2016-04-23-malware-and-artifacts-for-ISC-diary.zip  1.8 MB (1,826,082 bytes)

• 3A1DC4C4719C.dat   (3 bytes)   C:\ProgramData\3A1DC4C4719C.dat   [something related to the click-fraud malware, I think]
• 8afc49b02429a   (1,279,328 bytes)   C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a   [data downloaded by Bedep]
• msvcp60.dll   (348,160 bytes)   C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\msvcp60.dll   [Click-fraud malware downloaded by Bedep]

• de_crypt_readme.bmp   (232,6734 bytes)   [decrypt instructions for the CryptXXX ransomware]
• de_crypt_readme.html   (3,315 bytes)   [decrypt instructions for the CryptXXX ransomware]
• de_crypt_readme.txt   (1,638 bytes)   [decrypt instructions for the CryptXXX ransomware]
• api-ms-win-system-acproxy-l1-1-0.dll   (361,472 bytes)   C:\Users\[username]\AppData\Local\Temp\{F4DD9BAF-BD38-4055-90EE-07C071479B6A}\api-ms-win-system-acproxy-l1-1-0.dll   [CryptXXX ransomware]

 

Click here to return to the main page.