2018-04-27 - DATA DUMP (NECURS BOTNET, EMOTET, TRICKBOT)

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

NECURS BOTNET MALSPAM USES ABS VBS LOADER TO PUSH FLAWEDAMMYY:

• 2018-04-27-Necurs-Botnet-malspam-tracker-10-examples.csv.zip   1.1 kB (1,103 bytes)
• 2018-04-27-Necurs-Botnet-malspam-partial-infection-traffic.pcap.zip   41.7 kB (41,708 bytes)
• 2018-04-27-Necurs-Botnet-malspam-and-attachments.zip   33.9 kB (33,875 bytes)
• 120-VBS-files-from-185_99_133_132.zip   262 kB (262,268 bytes)
• NOTE:  Server hosting the FlawedAmmyy binary was taken off-line, so I could not generate a full infection chain.

EMOTET INFECTION WITH ZEUS PANDA BANKER:

• 2018-04-27-Emotet-malspam-12-email-examples.txt.zip   2.6 kB (2,581 bytes)
• 2018-04-27-Emotet-infection-with-Zeus-Panda-Banker.pcap.zip   4.2 MB (4,167,222 bytes)
• 2018-04-27-malware-from-Emotet-infection.zip   445 kB (445,096 bytes)

TRICKBOT INFECTION:

• 2018-04-27-Trickbot-malspam-1141-UTC.eml.zip   33.9 kB (33,924 bytes)
• 2018-04-27-Trickbot-infection-traffic.pcap.zip   16.7 MB (16,716,695 bytes)
• 2018-04-27-malware-from-Trickbot-infection.zip   486 kB (486,339 bytes)

 

Click here to return to the main page.