Tag: Neutrino Exploit Kit


EITest Gate at Leads to Neutrino EK at Which Delivers CryptMIC

IOCs: – hesamut.top – EITest gate IP and domain – kierrell.bartonjuniorschool.com – Neutrino EK – CryptMIC ransomware post-infection callback Decryption Domains: hxxp://7aggi2bq4bms4dfo.onion.to hxxp://7aggi2bq4bms4dfo.onion.city Ransom Notes: README.html README.txt README.bmp File Hashes: EITest Gate Flash Redirect: 93838c299f7dfd0365023dc51d92b27395dca449b8a8bc6e7ad10fc6abc39ebc Neutrino EK Flash Exploit: 80f8636298193c9965b9e9d3f7759207ebaf3cd1b4c7c3f4d6a2462026ebce25 I’ve written about EITest gate for the last couple of months and ...


pseudoDarkleech Script Leads to Neutrino EK at Which Drops CryptMIC Ransomware

IOCs: – seyhocacm.assistkd.com – Neutrino Exploit Kit – CryptMIC Ransomware C2 via TCP port 443 (clear text) Payment Sites: hxxp://ccjlwb22w6c22p2k.onion.to hxxp://ccjlwb22w6c22p2k.onion.city Ransom notes: README.txt README.bmp README.html As Brad Duncan from malware-traffic-analysis.net points out there has been a recent change in patterns for the pseudoDarkleech campaign. It has shifted from large blocks of obfuscated ...