2018-07-25 - QUICK POST: RIG EK PUSHES GANDCRAB RANSOMWARE
- 2018-07-25-Rig-EK-pcaps.zip 509 kB (508,767 bytes)
- 2018-07-25-Rig-EK-malware-and-artifacts.zip 225 kB (224,675 bytes)
- It's been a while since I've run across either Rig EK or GandCrab ransomware.
- Rig EK hasn't changed much, traffic-wise.
- GandCrab version 4 has much different post-infection traffic than I've seen before with previous versions of GandCrab.
- This GandCrab sample didn't run on a virtual host, so I moved it to a physical host.
- For more details on GandCrab v4, Bleeping Computer did a nice write-up earlier this month here.
- Zip archives are password-protected with the standard password. If you don't know it, see the "about" page of this website.