Text Example

RIG Exploit Kit EK Delivers Cerber Ransomware Malware PCAP file download traffic sample

Attachment: pcap file, 706 KB. Date added: May 24, 2019. Added by: admin.

2016-10-18 14:40:36.304404 IP 10.10.18.102.49185 > 195.133.201.132.80: Flags [P.], seq 1:477, ack 1, win 258, length 476: HTTP: GET /?x3qJc7iVLB3LDIU=l3SKfPrfJxzFGMSUb-nJDa9BNUXCRQLPh4SGhKrXCJ-ofSih17OIFxzsmTu2KTKvgJQyfu0SaGyj1BKeO10hjoUeWF8Z5e3x1RSL2x3fipSA9weJMwNHqpuRQuA60Q6jyLlFdM0ilROKvWBSy7sUUg4T6BgY0Q HTTP/1.1
E….O@…N+

.f…..!.P0.X.]..MP…….GET /?x3qJc7iVLB3LDIU=l3SKfPrfJxzFGMSUb-nJDa9BNUXCRQLPh4SGhKrXCJ-ofSih17OIFxzsmTu2KTKvgJQyfu0SaGyj1BKeO10hjoUeWF8Z5e3x1RSL2x3fipSA9weJMwNHqpuRQuA60Q6jyLlFdM0ilROKvWBSy7sUUg4T6BgY0Q HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.basket-brabant.be/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: add.jamesthorpebourbon.com
Connection: Keep-Alive

2016-10-18 14:40:36.504124 IP 195.133.201.132.80 > 10.10.18.102.49185: Flags [.], ack 477, win 237, length 0
E..(.T@.5…….

.f.P.!]..M0.Z.P…E+..
2016-10-18 14:40:37.014717 IP 195.133.201.132.80 > 10.10.18.102.49185: Flags [.], seq 1:1322, ack 477, win 237, length 1321: HTTP: HTTP/1.1 200 OK
E..Q.U@.5…….

.f.P.!]..M0.Z.P…….HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Tue, 18 Oct 2016 18:40:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 18876
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

2016-10-18 14:41:31.393471 IP 10.10.18.102.54101 > 31.184.234.169.6892: UDP, length 9
E..%.^……

.f…..U…..Xhi008c1c4………
2016-10-18 14:41:31.393481 IP 10.10.18.102.54101 > 31.184.234.170.6892: UDP, length 9
E..%._……

.f…..U…..Whi008c1c4………
2016-10-18 14:41:31.393494 IP 10.10.18.102.54101 > 31.184.234.171.6892: UDP, length 9
E..%.`……

.f…..U…..Vhi008c1c4………
2016-10-18 14:41:31.393504 IP 10.10.18.102.54101 > 31.184.234.172.6892: UDP, length 9
E..%.a……

.f…..U…..Uhi008c1c4………
2016-10-18 14:41:31.393514 IP 10.10.18.102.54101 > 31.184.234.173.6892: UDP, length 9
E..%.b……

.f…..U…..Thi008c1c4………
2016-10-18 14:41:31.393524 IP 10.10.18.102.54101 > 31.184.234.174.6892: UDP, length 9
E..%.c……

.f…..U…..Shi008c1c4………
2016-10-18 14:41:31.393534 IP 10.10.18.102.54101 > 31.184.234.175.6892: UDP, length 9
E..%.d……

.f…..U…..Rhi008c1c4………
2016-10-18 14:41:31.393544 IP 10.10.18.102.54101 > 31.184.234.176.6892: UDP, length 9
E..%.e……

.f…..U…..Qhi008c1c4………
2016-10-18 14:41:31.393554 IP 10.10.18.102.54101 > 31.184.234.177.6892: UDP, length 9
E..%.f……

.f…..U…..Phi008c1c4………
2016-10-18 14:41:31.393565 IP 10.10.18.102.54101 > 31.184.234.178.6892: UDP, length 9
E..%.g……

.f…..U…..Ohi008c1c4………
2016-10-18 14:41:31.393575 IP 10.10.18.102.54101 > 31.184.234.179.6892: UDP, length 9
E..%.h……

.f…..U…..Nhi008c1c4………
2016-10-18 14:41:31.393585 IP 10.10.18.102.54101 > 31.184.234.180.6892: UDP, length 9
E..%.i……

.f…..U…..Mhi008c1c4………
2016-10-18 14:41:31.393598 IP 10.10.18.102.54101 > 31.184.234.181.6892: UDP, length 9
E..%.j……

.f…..U…..Lhi008c1c4………
2016-10-18 14:41:31.393608 IP 10.10.18.102.54101 > 31.184.234.182.6892: UDP, length 9
E..%.k……

.f…..U…..Khi008c1c4………
2016-10-18 14:41:31.393618 IP 10.10.18.102.54101 > 31.184.234.183.6892: UDP, length 9
E..%.l…..}

.f…..U…..Jhi008c1c4………
2016-10-18 14:41:31.393628 IP 10.10.18.102.54101 > 31.184.234.184.6892: UDP, length 9
E..%.m…..{
