Monthly Archives: August 2016

Pulling apart Rig Exploit Kit

In the last post, A look at a cross bred Neutrino EK–Rig EK Flash file, we saw where the two exploit kits were merged into one. This one is pure Rig and looks the same on the surface as other …

Posted in Malware, Networking, Programming, security | 1 Comment

A look at a cross bred Neutrino EK–Rig EK Flash file

A recent post by Jérôme Segura of Malwarebytes, https://blog.malwarebytes.com/threat-analysis/exploits-threat-analysis/2016/08/neutrino-ek-more-flash-trickery/, showed the Flash file being sent from the compromised site rather than from a “Gate”, which is interesting. What is more interesting is what is inside this Flash file. …

Posted in Malware, security | 2 Comments

Pulling apart Neutrino EK

I’ve spent the last few days going from top to bottom of 3 different Neutrino EK infections. The one I will show here is from Broad Analysis (@BroadAnalysis), from their site http://www.broadanalysis.com/2016/08/08/new-c2-neutrino-exploit-kit-via-pseudodarkleech-hopto-org-gate-delivers-crypmic-ransomware/. You can download the pcap of the traffic …

Posted in Malware, Programming | 2 Comments

My first deep look at KRYPTOS K4

My first exposure to KRYPTOS was most likely when I saw it used in the TV series Alias. I most likely looked it up, got an idea of what it was about, then forgot about it for the next …

Posted in Cipher | 1 Comment