2017-01-31 - "BLANK SLATE" CAMPAIGN SENDS CERBER RANSOMWARE

NOTICE:

ASSOCIATED FILES:

 

NOTES:

 

EMAILS

EMAILS GATHERED:


Shown above:  Spreadsheet tracker, part 1 of 2.

 


Shown above:  Spreadsheet tracker, part 2 of 2.

 

(Read: Date/Time -- Sending mail server -- Sending address (spoofed) -- Attachment -- Extracted file)

 

ATTACHED ZIP ARCHIVES AND EXTRACTED FILES

SHA256 HASHES FOR THE EMAIL ATTACHMENTS:

 

SHA256 HASHES FOR THE EXTRACTED WORD DOCUMENT AND .JS FILES:

 

TRAFFIC


Shown above:  Pcap of the infection traffic (1 of 3).

 


Shown above:  Pcap of the infection traffic (2 of 3).

 


Shown above:  Pcap of the infection traffic (3 of 3).

 

HTTP REQUESTS FOR CERBER RANSOMWARE:

CERBER RANSOMWARE POST-INFECTION TRAFFIC:

 

MALWARE

CERBER RANSOMWARE SAMPLES:

 

IMAGES


Shown above:  Screenshot of an infected Windows host after rebooting.

 

Click here to return to the main page.