2019-08-02 - QUICK POST: LORD EK SENDS ERIS RANSOMWARE
ASSOCIATED FILES:
- 2019-08-02-Lord-EK-sends-Eris-Ransomware.pcap.zip 1.8 MB (1,844,266 bytes)
- 2019-08-02-Lord-EK-sends-Eris-Ransomware-malware-and-artifacts.zip 1.8 MB (1,786,996 bytes)
NOTES:
- Lord Exploit Kit (EK) was first reported by @adrian__luca yesterday through this tweet.
- According to @jeromesegura, this EK has changed since it was first seen, so here's another example to follow up on my post from yesterday.
- Zip archives are password-protected with the standard password. If you don't know it, see the "about" page of this website.
Shown above: Traffic from the infection filtered in Wireshark.
Shown above: Screenshot of an infected Windows desktop.
Shown above: Going to the Eris decryptor (1 of 2).
Shown above: Going to the Eris decryptor (2 of 2).