Tag: H1N1

EITest Leads to Rig EK at 185.117.73.96 Which Sends H1N1
IOCs:
159.203.83.164 – theglades-newlaunch.com – Compromised Site
185.117.73.96 – dqxwriw.rfasy90.top – Rig EK
185.93.185.3 – POST and GET requests via direct IP – H1N1 traffic
POST 185.93.185.3/h/gate.php
GET 185.93.185.3/zp/1bc.php?[truncated]

Traffic:

Hashes:
SHA256: f0a89d5750ba6da934ac7cd680aad81b8b53c1647605ee325186d7e1009de79c
File name: RigEK Landing Page.html
SHA256: cff2e04045c905426c4e1974f591ce45011b21ac82f8880ab8ede85175427db6
File name: RigEK Flash Exploit.swf
SHA256: 540148c35dd8fb861e5472f68224f899dd7bea4c9216ed6fdcda430c5632b3b5
File name: svcxdcl32.exe
SHA256: e9b48129a44804a0e2140e6f1a66621816e95e5786f41d2f0afe8403b63f4a6b
File name: svcxdcl32.dat
...