Tag Archives: Networking

A new version of the Rig EK

It looks like the developers of the Rig EK have been busy. In my last post Pulling apart Rig Exploit Kit we see the way the decompiled flash file looked. It used several action script files and used 2 different … Continue reading

Posted in Malware, Networking, security | Tagged , , | 3 Comments

De-obfuscating Cerber Malspam file

On July 1’st 2016 I seen a tweet by Herbie Zimmerman   @HerbieZimmerman where he had gotten a zip file from some malaspam  containing an obfuscated Java Script file. The infection chain is documented on his site here https://www.herbiez.com/?p=550 He had … Continue reading

Posted in Malware, Networking, security | Tagged , | Leave a comment

Unknown Exploit Kit

When I first seen a screenshot of this one that’s what this was, Unknown. Here is the twitter message that Jérôme Segura from Malwarebytes posted. and the response by William Metcalf @node5 replied that it was Sundown/Xer and they steal … Continue reading

Posted in Computer, Malware, Networking, security | Tagged ,

Decoding Angler Exploit Kit

After my last post Some data on Angler Exploit Kit I had received a request to write up a tutorial on decoding the Angler EK.  The Question is where to start ? Since they seem to be on vacation or … Continue reading

Posted in Malware, Programming, security | Tagged , ,

Some data on Angler Exploit Kit

Here is some data assembled from Multiple Pcap’s. First I would like to thank Brad @malware_traffic for all of the Pcap’s and write-ups posted on http://www.malware-traffic-analysis.net/. I have downloaded All (almost all I’m sure I missed a couple) Pcap files … Continue reading

Posted in Malware, Networking, security | Tagged , | 2 Comments

2016-03-30 – TRAFFIC ANALYSIS EXERCISE – MARCH MADNESS

Here is another “Malware Traffic Exercise”. The Scenario: The last company we were working for at Cupids Arrow in one of the last exercise went bankrupt and do to needing  a job we accepted the offer from the former owners … Continue reading

Posted in Malware, Networking, security | Tagged ,

2016-03-24 – ANGLER AND NUCLEAR EK KICKED OFF BY SAME COMPROMISED SITE

In this Traffic we get the chance to look at 2 infections from the same site, but I will concentrate mainly on the exploit kits themselves and the similarities between them noticed while looking at the decoded source code. You … Continue reading

Posted in Malware, Networking, security | Tagged , ,