Tag: Neutrino Exploit Kit

E

EITest Gate at 85.93.0.12 Leads to Neutrino EK at 107.6.177.5 Which Delivers CryptMIC

IOCs: 85.93.0.12 – hesamut.top – EITest gate IP and domain 107.6.177.5 – kierrell.bartonjuniorschool.com – Neutrino EK 85.14.243.9 – CryptMIC ransomware post-infection callback Decryption Domains: hxxp://7aggi2bq4bms4dfo.onion.to hxxp://7aggi2bq4bms4dfo.onion.city Ransom Notes: README.html README.txt README.bmp File Hashes: EITest Gate Flash Redirect: 93838c299f7dfd0365023dc51d92b27395dca449b8a8bc6e7ad10fc6abc39ebc Neutrino EK Flash Exploit: 80f8636298193c9965b9e9d3f7759207ebaf3cd1b4c7c3f4d6a2462026ebce25 I’ve written about EITest gate for the last couple of months and ...

p

pseudoDarkleech Script Leads to Neutrino EK at 92.222.122.52 Which Drops CryptMIC Ransomware

IOCs: 92.222.122.52 – seyhocacm.assistkd.com – Neutrino Exploit Kit 85.14.243.9 – CryptMIC Ransomware C2 via TCP port 443 (clear text) Payment Sites: hxxp://ccjlwb22w6c22p2k.onion.to hxxp://ccjlwb22w6c22p2k.onion.city Ransom notes: README.txt README.bmp README.html As Brad Duncan from malware-traffic-analysis.net points out there has been a recent change in patterns for the pseudoDarkleech campaign. It has shifted from large blocks of obfuscated ...