RIG Web-based Exploit Kit EK Exploits Flash and loads Ransomware Variant CryptMic Malware PCAP file download 91.121.74.154

2016-09-26 00:40:25.886473 IP 192.168.1.18.51426 > 5.196.126.167.80: Flags [P.], seq 1:512, ack 1, win 16475, length 511: HTTP: GET /index.php?wX6OcbiYLRbND4M=l3SMfPrfJxzFGMSUb-nJDa9BNUXCRQLPh4SGhKrXCJ-ofSih17OIFxzsmTu2KTKvgJQyfu0SaGyj1BKeO10hjoUeWF8Z5e3x1RSL2x3fipSA9weJYFhC_5DEELY70Qj3zucccs4lkxfTv2JWz-IdUFxE5RgY36TIHLOL-AFiXwE4Ugfbct4lsxaBWiTiJGQ23OWwGTF0kufJ8_w5 HTTP/1.1
E..’.R@………..~….P..W..2.VP.@[….GET /index.php?wX6OcbiYLRbND4M=l3SMfPrfJxzFGMSUb-nJDa9BNUXCRQLPh4SGhKrXCJ-ofSih17OIFxzsmTu2KTKvgJQyfu0SaGyj1BKeO10hjoUeWF8Z5e3x1RSL2x3fipSA9weJYFhC_5DEELY70Qj3zucccs4lkxfTv2JWz-IdUFxE5RgY36TIHLOL-AFiXwE4Ugfbct4lsxaBWiTiJGQ23OWwGTF0kufJ8_w5 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows …


Packet Analysis Rig Exploit Kit EK Delivers URSNIF Banking Trojan Malware PCAP file download sample

2016-09-02 10:26:46.478966 IP 192.168.4.200.49222 > 194.165.16.204.80: Flags [P.], seq 1:391, ack 1, win 16537, length 390: HTTP: GET /qrvfiif2krei9e-ld2ket4rtnfme2f8cknbnm4ntfmmpeoifs-omb-tacbmri7mnksmpkr7si4ioblpaes9ss1din5pme6r6clcm9leeno4pnmf/ HTTP/1.1
E…..@…[……….F.Pbe.c….P.@..P..GET /qrvfiif2krei9e-ld2ket4rtnfme2f8cknbnm4ntfmmpeoifs-omb-tacbmri7mnksmpkr7si4ioblpaes9ss1din5pme6r6clcm9leeno4pnmf/ HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://www.gaapasa.com.au/ …
