Vitali Kremez

EITest -> Rig Exploit Kit -> Bandarchor Ransomware Traffic Analysis

8/31/2016

Source: malware-traffic-analysis.net

The infection method is as follows:
  • www[.]tdca[.]ca - Compromised site
  • mapobifi[.]xyz - 85.93.0.110 port 80 - EITest gate
  • ew[.]203kcontractorsarkansas[.]com - 109.234.36.220 port 80 - Rig EK
  • 109.236.87.204 - GET /default.jpg - Post-infection traffic caused by the Bandarchor ransomware
  • 109.236.87.204 - POST /yyy/fers.php - Post-infection traffic caused by the Bandarchor ransomware

*Analyze the PCAP using the filter "http.request".
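As an added example that is not part of the original post, the following Python matches HTTP request records against the indicators listed above, which is the check a defender would run once the "http.request" rows have been exported from the PCAP. The one-request-per-line record format and the sample lines are constructed for illustration; the hosts, IPs and URIs are the ones from the analysis, kept in the post's defanged form and re-fanged in code. The post gives no IP for the compromised site, so a documentation-range placeholder is used for that record.

```python
"""Match exported HTTP request records against the indicators in the post.

Added example, not code from the original post. Log lines are constructed;
the indicators are taken from the analysis above.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Indicators exactly as written in the post (defanged with "[.]").
DEFANGED_HOSTS = {
    "www[.]tdca[.]ca": "compromised site",
    "mapobifi[.]xyz": "EITest gate",
    "ew[.]203kcontractorsarkansas[.]com": "Rig EK",
}
C2_IPS = {
    "85.93.0.110": "EITest gate",
    "109.234.36.220": "Rig EK",
    "109.236.87.204": "Bandarchor post-infection",
}
# Method/path pairs the post attributes to the Bandarchor server.
C2_REQUESTS = {("GET", "/default.jpg"), ("POST", "/yyy/fers.php")}


def refang(indicator: str) -> str:
    """Turn analyst-style defanged notation ("[.]") back into a real hostname."""
    return indicator.replace("[.]", ".")


HOSTS = {refang(h): label for h, label in DEFANGED_HOSTS.items()}

# Assumed record shape (constructed): "<ts> <src_ip> <dst_ip> <method> <host> <path>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<method>[A-Z]+) (?P<host>\S+) (?P<path>\S+)$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str        # internal client that made the request
    indicator: str  # host or IP that matched
    label: str      # role of the indicator in the infection chain


def classify(line: str) -> Optional[Hit]:
    """Return a Hit if the record touches a known indicator, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    host = m["host"].lower()
    dst, method, path = m["dst"], m["method"], m["path"]
    # Host header first: it identifies the gate/EK even behind shared hosting.
    if host in HOSTS:
        return Hit(m["ts"], m["src"], host, HOSTS[host])
    # Fall back to destination IP; refine with the known C2 request shape.
    if dst in C2_IPS:
        label = C2_IPS[dst]
        if (method, path) in C2_REQUESTS:
            label += f" ({method} {path})"
        return Hit(m["ts"], m["src"], dst, label)
    return None


def scan(lines: Iterable[str]) -> List[Hit]:
    """Classify every record and keep the matches, in log order."""
    return [h for h in (classify(line) for line in lines) if h is not None]


# Constructed sample records (not from the post's PCAP). 198.51.100.7 is a
# benign destination; 203.0.113.10 stands in for the compromised site's IP.
SAMPLE_LOG = """\
2016-08-31T10:00:01 10.0.0.5 198.51.100.7 GET www.example.com /index.html
2016-08-31T10:00:02 10.0.0.5 203.0.113.10 GET www.tdca.ca /
2016-08-31T10:00:03 10.0.0.5 85.93.0.110 GET mapobifi.xyz /
2016-08-31T10:00:04 10.0.0.5 109.234.36.220 GET ew.203kcontractorsarkansas.com /
2016-08-31T10:00:09 10.0.0.5 109.236.87.204 GET 109.236.87.204 /default.jpg
2016-08-31T10:00:10 10.0.0.5 109.236.87.204 POST 109.236.87.204 /yyy/fers.php
"""


def demo() -> List[Hit]:
    """Print the chain as reconstructed from the sample records."""
    hits = scan(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f"{h.ts} {h.src} -> {h.indicator}: {h.label}")
    return hits


if __name__ == "__main__":
    demo()
```

Matching on the Host header before the destination IP matters here: the gate and the exploit kit sit on ordinary hosting, so the IP alone would be weaker evidence, whereas the Bandarchor check-in uses the bare IP and is identified by its request shape instead.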

Author: Vitali Kremez