Neutrino EK exploits Flash 21,0,0,213, delivering DMA Locker 4.0 ransomware
ASSOCIATED DOMAINS AND IPs:
- 85.93.0.81 – ctchris.tk – EITEST GATE
- 81.2.240.180 – xoytcce.vublacku.top – Neutrino EK LANDING PAGE
- 80.87.205.115 – GET /2/x64.exe – DMA LOCKER DOWNLOAD
- 80.87.205.115 – GET /2/bbv.exe – DMA LOCKER DOWNLOAD
- 5.8.63.54 – GET /crypto/gate?action=0 – DMA LOCKER C2
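The five indicators above are one infection chain, and the useful question for a responder is not "did a host touch one of these" but "how far down the chain did it get": a client that reached the EITest gate and the Neutrino landing page but never fetched /2/x64.exe or /2/bbv.exe was probably not exploited, while a client that checked in to /crypto/gate was encrypted. The script below is an added example, not code from the original post: it runs the IOC list over proxy log lines, groups hits per client, checks that the stages occur in chain order, and assigns a verdict. The log format and the sample lines are constructed for the demo (the gate and landing URIs are assumed as "/", since the post only gives hosts for those two stages); the hosts, IPs and payload/C2 URIs are the ones listed above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Indicators copied from the post's IOC list: (stage, host or IP, URI prefix).
# A None prefix matches any URI on that host.
INDICATORS = [
    ("gate",     "85.93.0.81",           None),
    ("gate",     "ctchris.tk",           None),
    ("landing",  "81.2.240.180",         None),
    ("landing",  "xoytcce.vublacku.top", None),
    ("download", "80.87.205.115",        "/2/"),          # /2/x64.exe, /2/bbv.exe
    ("c2",       "5.8.63.54",            "/crypto/gate"), # /crypto/gate?action=0
]
# Expected order of the chain; used to flag out-of-sequence hits.
STAGE_ORDER = {"gate": 0, "landing": 1, "download": 2, "c2": 3}

# Constructed proxy log format (an assumption, not from the post):
# <date> <time> <client-ip> <method> <host> <uri> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<client>\S+) "
    r"(?P<method>[A-Z]+) (?P<host>\S+) (?P<uri>\S+) (?P<status>\d{3})$"
)


def classify(host, uri):
    """Return the chain stage a request belongs to, or None if it matches no IOC."""
    host = host.lower().rstrip(".")
    for stage, ioc_host, prefix in INDICATORS:
        if host == ioc_host and (prefix is None or uri.startswith(prefix)):
            return stage
    return None


def parse_line(line):
    """Parse one log line into a dict; return None for lines in another format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    return rec


def correlate(lines, window_seconds=600):
    """Group IOC hits per client and report how far down the chain each client got.

    Only hits within window_seconds of a client's first hit are chained together,
    so a stale gate contact is not tied to unrelated later traffic.
    """
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        stage = classify(rec["host"], rec["uri"])
        if stage:
            hits[rec["client"]].append((rec["ts"], stage, rec["host"], rec["uri"]))

    report = {}
    for client, events in hits.items():
        events.sort()
        start = events[0][0]
        chain = [e for e in events if (e[0] - start).total_seconds() <= window_seconds]
        stages = [e[1] for e in chain]
        # Each stage must come no earlier in the chain than the one before it.
        ordered = all(STAGE_ORDER[a] <= STAGE_ORDER[b] for a, b in zip(stages, stages[1:]))
        if "download" in stages and "c2" in stages:
            verdict = "infected: payload fetched and DMA Locker check-in observed"
        elif "download" in stages:
            verdict = "payload fetched, no C2 seen: isolate host and look for the ransom note"
        elif "landing" in stages:
            verdict = "exploit attempt: Neutrino landing page reached, no payload download"
        else:
            verdict = "gate contact only"
        report[client] = {"stages": stages, "ordered": ordered, "verdict": verdict}
    return report


# Constructed sample log lines (not from the post). Hosts and the payload/C2
# URIs are taken from the IOC list; the gate and landing URIs are assumed.
SAMPLE_LOG = """
2016-05-23 14:02:11 10.0.0.5 GET ctchris.tk / 200
2016-05-23 14:02:13 10.0.0.5 GET xoytcce.vublacku.top / 200
2016-05-23 14:02:20 10.0.0.5 GET 80.87.205.115 /2/x64.exe 200
2016-05-23 14:02:34 10.0.0.5 GET 5.8.63.54 /crypto/gate?action=0 200
2016-05-23 14:05:02 10.0.0.9 GET ctchris.tk / 200
2016-05-23 14:05:03 10.0.0.9 GET xoytcce.vublacku.top / 200
2016-05-23 14:05:10 10.0.0.9 GET www.example.com /index.html 200
""".strip().splitlines()

if __name__ == "__main__":
    for client, r in correlate(SAMPLE_LOG).items():
        order = "in-order" if r["ordered"] else "out-of-order"
        print(client, r["stages"], order, "->", r["verdict"])
```

Matching on the Host header rather than only the destination IP matters here because the EITest gate and the Neutrino landing page are reached by hostname while the DMA Locker download and check-in go straight to IP; listing both forms per stage covers logs that record either. The window keeps a later, unrelated hit on 5.8.63.54 from being attributed to an old gate contact.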
IMAGES AND DETAILS:
- Image: EITest gate, Neutrino landing page, DMA Locker download and check-in
- Image: Making it harder to classify the exploit kit
- Image: Neutrino exploiting Flash version 21,0,0,213
- Image: DMA Locker 4.0 ransom note
MALICIOUS PAYLOAD DELIVERED BY NEUTRINO EXPLOIT KIT:
- 2016-05-23-x64.exe – VirusTotal link
- 2016-05-23-bbv.exe – VirusTotal link