Ransomware Vector Variant Unknown Onenote.net PCAP file download traffic sample

SHA256: 87fad71988400eefc2139cc3a3616fa21f683290b73247bc2b9ba37bba54e636
File name: ubaupn
Detection ratio: 3 / 54
Analysis date: 2016-12-17 05:38:18 UTC

Antivirus               Result                     Update
CAT-QuickHeal           TrojanPWS.ZBot             20161216
TrendMicro              Ransom_LOCKYENC.AXFAR      20161217
TrendMicro-HouseCall    Ransom_LOCKYENC.AXFAR      20161217

2016-12-16 23:54:44.875193 IP 192.168.1.102.59998 > 198.105.221.209.80: Flags [P.], seq 0:288, ack 1, win 64240, length 288: HTTP: GET /ubaupn HTTP/1.1
E..H=.@…VI…f.i…^.P….T}..P…l…GET /ubaupn HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: amaniinitiative.org
Connection: Keep-Alive

2016-12-16 23:54:46.999606 IP 192.168.1.102.59998 > 198.105.221.209.80: Flags [P.], seq 288:490, ack 161914, win 62927, length 202: HTTP: GET /favicon.ico HTTP/1.1
E…=R@…Vj…f.i…^.P….T.U.P….-..GET […]

111.67.197.151.6666 RAT Remote Access Trojan Malware Trojan PCAP File Download Traffic Sample

SHA256: 028f3aff1bbb9bdc57fd0ed7bff829b12a6f47872655f85e49001624ddb57e94
File name: NewRat.exe
Detection ratio: 50 / 56
Analysis date: 2016-12-17 01:49:07 UTC

Antivirus           Result                                      Update
ALYac               Generic.ServStart2.B7BD945B                 20161217
AVG                 Atros.BOTV                                  20161216
AVware              BehavesLike.Win32.Malware.wsc (mx-v)        20161217
Ad-Aware            Generic.ServStart2.B7BD945B                 20161217
AegisLab            Troj.W32.Gen.mner                           20161216
AhnLab-V3           Trojan/Win32.Regrun.R153612                 20161216
Antiy-AVL           Trojan[:HEUR]/Win32.AGeneric                20161217
Arcabit             Generic.ServStart2.B7BD945B                 20161217
Avast               Win32:Malware-gen                           20161217
Avira (no cloud)    TR/Dldr.Yemrok.aona                         20161216
Baidu               Win32.Trojan.ServStart.aw                   20161207
BitDefender         Generic.ServStart2.B7BD945B                 20161217
Bkav                W32.Clodf83.Trojan.75df                     20161216
Comodo              TrojWare.Win32.GameThief.Magania.~NWABI     […]

nnapoakea.top read.php?f=0.dat CERBER Ransomware 35.166.4.* 37.15.20.* 77.1.12.* 91.239.24.* PCAP File Download Traffic Sample

http://nnapoakea.top/read.php?f=0.dat

SHA256: 5a1a12fb2668af622c7882003561c1abff5b99dc9db3d51a55cbfd4dd3d797e9
File name: read.php?f=0.dat
Detection ratio: 7 / 55
Analysis date: 2016-12-17 01:16:52 UTC

Antivirus       Result                              Update
AVware          Trojan.Win32.Generic!BT             20161217
AhnLab-V3       Trojan/Win32.Cerber.R192010         20161216
Bkav            HW32.Packed.F166                    20161216
Invincea        virus.win32.sality.at               20161216
Qihoo-360       HEUR/QVM20.1.0000.Malware.Gen       20161217
Symantec        Heur.AdvML.B                        20161217
VIPRE           Trojan.Win32.Generic!BT             20161217

SHA256: 5a1a12fb2668af622c7882003561c1abff5b99dc9db3d51a55cbfd4dd3d797e9
File name: read.php?f=1.dat
Detection ratio: 7 / 55

Antivirus       Result                              Update
Invincea        virus.win32.sality.at               20161216
AhnLab-V3       Trojan/Win32.Cerber.R192010         20161216
AVware          Trojan.Win32.Generic!BT             20161217
VIPRE           […]

aa.exe Leads to unknown Chinese Malware Infection FULL PCAP file download 111.67.197.151 port 6666

SHA256: b89384e4dcec9c280b145b0f4aa7d05e783449ada227fb51ccbd2f25adfb57ca
File name: aa.exe
Detection ratio: 24 / 55
Analysis date: 2016-12-17 01:32:37 UTC

Antivirus       Result                          Update
AVG             Win32/DH{I4F6gmU?}              20161216
AVware          Trojan.Win32.Generic!BT         20161217
Ad-Aware        Application.Tool.SIY            20161217
AegisLab        Heur.Advml.Gen!c                20161216
Arcabit         Application.Tool.SIY            20161217
Avast           Win32:Malware-gen               20161217
BitDefender     Application.Tool.SIY            20161216
ClamAV          Win.Trojan.Agent-1890258        20161216
DrWeb           Trojan.Siggen7.8058             20161217
ESET-NOD32      Win32/Spy.Agent.PAR             20161217
F-Secure        Application.Tool.SIY            20161217
GData           Application.Tool.SIY            20161217
Jiangmin        Trojan.Agent.aqqh               20161216
K7GW            Riskware ( 0040eff71 )          […]

Malspam E-mail Leads to Ransomware Cerber/Zerber Infection 4fv3b5.exe Vector FULL PCAP FILE DOWNLOAD Traffic Sample

SHA256: 2f2b2e30abe71f9a93d6ad7418facf0fcc1323fa0017682f254becf99848e43c
File name: 4fv3b5.exe
Detection ratio: 39 / 56
Analysis date: 2016-12-16 08:39:47 UTC

Antivirus                   Result                                  Update
Avira (no cloud)            TR/Dropper.btuyq                        20161216
BitDefender                 Trojan.GenericKD.3903694                20161216
Bkav                        W32.DominasaAST.Trojan                  20161215
CAT-QuickHeal               TrojanRansom.Zerber                     20161216
CrowdStrike Falcon (ML)     malicious_confidence_100% (W)           20161024
DrWeb                       Trojan.Encoder.7233                     20161216
ESET-NOD32                  Win32/Filecoder.Cerber.C                20161216
Emsisoft                    Trojan.GenericKD.3903694 (B)            20161216
F-Secure                    Trojan.GenericKD.3903694                20161216
Fortinet                    W32/Malicious_Behavior.VEX              20161216
GData                       Trojan.GenericKD.3903694                20161216
K7AntiVirus                 Trojan ( 004ff8881 )                    20161216
K7GW                        Trojan ( 004ff8881 )                    20161216
Kaspersky                   Trojan-Ransom.Win32.Zerber.apnm         20161216
Malwarebytes                Ransom.Locky                            20161216
McAfee                      Generic.atf                             20161216
McAfee-GW-Edition           BehavesLike.Win32.Ransom.dc             20161216
eScan                       Trojan.GenericKD.3903694                20161216
Microsoft                   Ransom:Win32/Genasom!rfn                20161216

btc.blockr.io displays a page on how to pay to get your […]