Tag: H1N1


EITest Leads to Rig EK at Which Sends H1N1

IOCs:
– theglades-newlaunch.com – Compromised Site
– dqxwriw.rfasy90.top – Rig EK – POST and GET requests via direct IP
– H1N1 traffic POST GET[truncated]

Traffic:

Hashes:
SHA256: f0a89d5750ba6da934ac7cd680aad81b8b53c1647605ee325186d7e1009de79c – File name: RigEK Landing Page.html
SHA256: cff2e04045c905426c4e1974f591ce45011b21ac82f8880ab8ede85175427db6 – File name: RigEK Flash Exploit.swf
SHA256: 540148c35dd8fb861e5472f68224f899dd7bea4c9216ed6fdcda430c5632b3b5 – File name: svcxdcl32.exe
SHA256: e9b48129a44804a0e2140e6f1a66621816e95e5786f41d2f0afe8403b63f4a6b – File name: svcxdcl32.dat
...