2017-12-29 - NECURS BOTNET MALSPAM PUSHES GLOBEIMPOSTER RANSOMWARE
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
-
2017-12-29-Necurs-Botnet-malspam-tracker.csv.zip 3.3 kB (3,317 bytes)
- 2017-12-29-Necurs-Botnet-malspam-tracker.csv (8,810 bytes)
-
2017-12-29-Necurs-Botnet-pushes-GlobeImposter-ransomware-3-pcaps.zip 435.9 kB (435,860 bytes)
- 2017-12-27-Necurs-Botnet-pushes-GlobeImposter-ransomware.pcap (150,599 bytes)
- 2017-12-28-Necurs-Botnet-pushes-GlobeImposter-ransomware.pcap (321,812 bytes)
- 2017-12-29-Necurs-Botnet-pushes-GlobeImposter-ransomware.pcap (230,785 bytes)
-
2017-12-29-Necurs-Botnet-emails-and-GlobeImposter-malware.zip 775.8 kB (775,817 bytes)
- 01-emails / 2017-12-27-Necurs-Botnet-malspam-1058-UTC.eml (6,313 bytes)
- 01-emails / 2017-12-27-Necurs-Botnet-malspam-1118-UTC.eml (6,316 bytes)
- 01-emails / 2017-12-27-Necurs-Botnet-malspam-1154-UTC.eml (6,326 bytes)
- 01-emails / 2017-12-27-Necurs-Botnet-malspam-1222-UTC.eml (6,323 bytes)
- 01-emails / 2017-12-27-Necurs-Botnet-malspam-1549-UTC.eml (6,212 bytes)
- 01-emails / 2017-12-27-Necurs-Botnet-malspam-1553-UTC.eml (6,148 bytes)
- 01-emails / 2017-12-27-Necurs-Botnet-malspam-1557-UTC.eml (6,202 bytes)
- 01-emails / 2017-12-27-Necurs-Botnet-malspam-1606-UTC.eml (6,257 bytes)
- 01-emails / 2017-12-27-Necurs-Botnet-malspam-1736-UTC.eml (6,178 bytes)
- 01-emails / 2017-12-27-Necurs-Botnet-malspam-1748-UTC.eml (6,207 bytes)
- 01-emails / 2017-12-27-Necurs-Botnet-malspam-1842-UTC.eml (6,215 bytes)
- 01-emails / 2017-12-27-Necurs-Botnet-malspam-1928-UTC.eml (6,131 bytes)
- 01-emails / 2017-12-28-Necurs-Botnet-malspam-1032-UTC.eml (3,764 bytes)
- 01-emails / 2017-12-28-Necurs-Botnet-malspam-1054-UTC.eml (3,750 bytes)
- 01-emails / 2017-12-28-Necurs-Botnet-malspam-1118-UTC.eml (3,750 bytes)
- 01-emails / 2017-12-28-Necurs-Botnet-malspam-1147-UTC.eml (3,733 bytes)
- 01-emails / 2017-12-28-Necurs-Botnet-malspam-1158-UTC.eml (3,724 bytes)
- 01-emails / 2017-12-28-Necurs-Botnet-malspam-1219-UTC.eml (3,720 bytes)
- 01-emails / 2017-12-28-Necurs-Botnet-malspam-1245-UTC.eml (3,729 bytes)
- 01-emails / 2017-12-28-Necurs-Botnet-malspam-1307-UTC.eml (3,743 bytes)
- 01-emails / 2017-12-28-Necurs-Botnet-malspam-1328-UTC.eml (3,727 bytes)
- 01-emails / 2017-12-28-Necurs-Botnet-malspam-1409-UTC.eml (3,746 bytes)
- 01-emails / 2017-12-28-Necurs-Botnet-malspam-1710-UTC.eml (3,519 bytes)
- 01-emails / 2017-12-28-Necurs-Botnet-malspam-1723-UTC.eml (3,513 bytes)
- 01-emails / 2017-12-28-Necurs-Botnet-malspam-1751-UTC.eml (3,481 bytes)
- 01-emails / 2017-12-28-Necurs-Botnet-malspam-1759-UTC.eml (3,529 bytes)
- 01-emails / 2017-12-28-Necurs-Botnet-malspam-1806-UTC.eml (3,499 bytes)
- 01-emails / 2017-12-28-Necurs-Botnet-malspam-1829-UTC.eml (3,503 bytes)
- 01-emails / 2017-12-28-Necurs-Botnet-malspam-1852-UTC.eml (3,489 bytes)
- 01-emails / 2017-12-29-Necurs-Botnet-malspam-0944-UTC.eml (6,342 bytes)
- 01-emails / 2017-12-29-Necurs-Botnet-malspam-1042-UTC.eml (6,358 bytes)
- 01-emails / 2017-12-29-Necurs-Botnet-malspam-1059-UTC.eml (6,327 bytes)
- 01-emails / 2017-12-29-Necurs-Botnet-malspam-1153-UTC.eml (6,360 bytes)
- 01-emails / 2017-12-29-Necurs-Botnet-malspam-1202-UTC.eml (6,361 bytes)
- 01-emails / 2017-12-29-Necurs-Botnet-malspam-1411-UTC.eml (6,398 bytes)
- 02-attachments / CCE28122017_000823.7z (2,020 bytes)
- 02-attachments / CCE28122017_001211.7z (2,016 bytes)
- 02-attachments / CCE28122017_001997.7z (2,022 bytes)
- 02-attachments / CCE28122017_002173.7z (2,012 bytes)
- 02-attachments / CCE28122017_003947.7z (2,027 bytes)
- 02-attachments / CCE28122017_004407.7z (2,015 bytes)
- 02-attachments / CCE28122017_004413.7z (2,015 bytes)
- 02-attachments / CCE28122017_004928.7z (2,028 bytes)
- 02-attachments / CCE28122017_007792.7z (2,009 bytes)
- 02-attachments / CCE28122017_009548.7z (2,017 bytes)
- 02-attachments / Copy_72220737.7z (1,972 bytes)
- 02-attachments / Copy_74025343.7z (3,980 bytes)
- 02-attachments / Copy_98040.7z (1,963 bytes)
- 02-attachments / Document_88529849.7z (3,995 bytes)
- 02-attachments / File_01059868.7z (1,971 bytes)
- 02-attachments / File_348087.7z (1,963 bytes)
- 02-attachments / File_51835.7z (4,003 bytes)
- 02-attachments / File_71456185.7z (4,017 bytes)
- 02-attachments / Invoice_4819463.7z (3,982 bytes)
- 02-attachments / Invoice_7289779.7z (3,983 bytes)
- 02-attachments / Invoice_7846647.7z (3,995 bytes)
- 02-attachments / Invoice_8077025.7z (3,995 bytes)
- 02-attachments / PDF_4704.7z (1,973 bytes)
- 02-attachments / PDF_575483.7z (3,967 bytes)
- 02-attachments / PDF_69898.7z (1,955 bytes)
- 02-attachments / PDF_98306.7z (3,967 bytes)
- 02-attachments / Scan_0012.7z (3,976 bytes)
- 02-attachments / Scan_0025.7z (3,992 bytes)
- 02-attachments / Scan_0045.7z (3,963 bytes)
- 02-attachments / Scan_00689.7z (4,014 bytes)
- 02-attachments / Scan_007870.7z (3,996 bytes)
- 02-attachments / Scan_009876.7z (3,992 bytes)
- 02-attachments / Scan_130751.7z (1,959 bytes)
- 02-attachments / pdf_76644126.7z (,3998 bytes)
- 02-attachments / Scan_8918.7z (1,969 bytes)
- 03-extracted-files / CCE28122017_001315.vbs (4,916 bytes)
- 03-extracted-files / CCE28122017_001978.vbs (4,860 bytes)
- 03-extracted-files / CCE28122017_002133.vbs (4,859 bytes)
- 03-extracted-files / CCE28122017_002581.vbs (4,943 bytes)
- 03-extracted-files / CCE28122017_005204.vbs (5,052 bytes)
- 03-extracted-files / CCE28122017_005591.vbs (4,817 bytes)
- 03-extracted-files / CCE28122017_006984.vbs (4,828 bytes)
- 03-extracted-files / CCE28122017_007021.vbs (5,069 bytes)
- 03-extracted-files / CCE28122017_008267.vbs (4,792 bytes)
- 03-extracted-files / CCE28122017_008328.vbs (4,765 bytes)
- 03-extracted-files / Copy_64549058.vbs (4,611 bytes)
- 03-extracted-files / Copy_76949395.vbs (4,660 bytes)
- 03-extracted-files / Copy_99086522.vbs (4,526 bytes)
- 03-extracted-files / Copy_99849248.vbs (4,663 bytes)
- 03-extracted-files / Document_11822740.js (14,900 bytes)
- 03-extracted-files / Document_22998278.js (14,434 bytes)
- 03-extracted-files / File_21819165.js (14,429 bytes)
- 03-extracted-files / File_25178176.js (14,691 bytes)
- 03-extracted-files / File_42284200.js (14,224 bytes)
- 03-extracted-files / File_47807968.vbs (4,753 bytes)
- 03-extracted-files / File_74973378.vbs (4,698 bytes)
- 03-extracted-files / Invoice_4884967.js (14,255 bytes)
- 03-extracted-files / Invoice_9068713.js (13,804 bytes)
- 03-extracted-files / Invoice_9616548.js (14,006 bytes)
- 03-extracted-files / PDF_20057765.js (15,347 bytes)
- 03-extracted-files / PDF_2457326.vbs (4,565 bytes)
- 03-extracted-files / PDF_6342214.vbs (4,515 bytes)
- 03-extracted-files / Scan_003397.js (14,526 bytes)
- 03-extracted-files / Scan_00471.js (14,519 bytes)
- 03-extracted-files / Scan_006648.js (14,738 bytes)
- 03-extracted-files / Scan_007133.js (14,737 bytes)
- 03-extracted-files / Scan_009146.js (13,831 bytes)
- 03-extracted-files / Scan_009738.js (13,825 bytes)
- 03-extracted-files / Scan_38097849.js (14,447 bytes)
- 04-GlobeImposter-malware-and-artifacts / 2017-12-27-GlobeImposter-Read___ME.html (4,220 bytes)
- 04-GlobeImposter-malware-and-artifacts / 2017-12-27-GlobeImposter-artifact-tmp368A.tmp.bat.txt (445 bytes)
- 04-GlobeImposter-malware-and-artifacts / 2017-12-27-GlobeImposter-decryptor-style.css (1,930 bytes)
- 04-GlobeImposter-malware-and-artifacts / 2017-12-27-GlobeImposter-decryptor.html (9,496 bytes)
- 04-GlobeImposter-malware-and-artifacts / 2017-12-27-GlobeImposter-ransomware.exe (155,648 bytes)
- 04-GlobeImposter-malware-and-artifacts / 2017-12-28-GlobeImposter-Read___ME.html (4,220 bytes)
- 04-GlobeImposter-malware-and-artifacts / 2017-12-28-GlobeImposter-artifact-tmp2164.tmp.bat.txt (445 bytes)
- 04-GlobeImposter-malware-and-artifacts / 2017-12-28-GlobeImposter-decryptor.html (9,463 bytes)
- 04-GlobeImposter-malware-and-artifacts / 2017-12-28-GlobeImposter-ransomware.exe (238,080 bytes)
- 04-GlobeImposter-malware-and-artifacts / 2017-12-29-GlobeImposter-Read___ME.html (4,220 bytes)
- 04-GlobeImposter-malware-and-artifacts / 2017-12-29-GlobeImposter-artifact-tmp6872.tmp.bat.txt (445 bytes)
- 04-GlobeImposter-malware-and-artifacts / 2017-12-29-GlobeImposter-decryptor.html (9,473 bytes)
- 04-GlobeImposter-malware-and-artifacts / 2017-12-29-GlobeImposter-ransomware.exe (236,032 bytes)
Click here to return to the main page.