When I began analysing, I did not save any files (doh!). From now on I will save files for the community to view.
Below is a set of older analyses from my Twitter:
#RigEK(#Rig_V) via #Afraidgate delivers #GodzillaLoader and #Osiris #Locky. #ransomware instead of my dream villa in Mauritius #exploitkit pic.twitter.com/yh3K6mk85o
— Zerophage (@Zerophage1337) January 11, 2017
#RigEK (#Rig_V) with new patterns via #pseudoDarkleech. Failed #Cerber (Didn't get any #ransomware) or possible #Conficker was payload. pic.twitter.com/MLMkDzN8lK
— Zerophage (@Zerophage1337) January 3, 2017
#RigEK (#Rig_V) with new patterns! via #pseudoDarkleech. There was no download URL and the payload appeared to fail. #malware pic.twitter.com/5Lnhl9MXMl
— Zerophage (@Zerophage1337) December 29, 2016
#RigEK (#Rig_V) via unknown gate? Anyone seen this before? Had trouble finding it in the source code, I would like to know more! #Malware pic.twitter.com/yDLoWhcAO2
— Zerophage (@Zerophage1337) December 29, 2016
#SundownEK via #TDS delivers #Terdot/#Zloader. Thanks to James @cyber_attacks for the compromised site! pic.twitter.com/TA5LtIDitQ
— Zerophage (@Zerophage1337) December 24, 2016
Xmas holiday means nostalgia. Here is a pcap from 16 Oct – #RigEK delivering #GodzillaLoader. Huge landing page downloads .odin #Locky. pic.twitter.com/u5NVGCj2Sz
— Zerophage (@Zerophage1337) December 23, 2016
#RigEK (#Rig_V) via #Afraidgate delivers #GodzillaLoader and #Osiris #Locky. Two payloads for the price of one visit and no pre-landing/POST pic.twitter.com/GDOXjxkyu9
— Zerophage (@Zerophage1337) December 22, 2016
#RigEK (#Rig_V) via #Afraidgate delivers #GodzillaLoader. Did not observe any further malware but have my beady eye on it. #malware pic.twitter.com/kEcSdtBioA
— Zerophage (@Zerophage1337) December 21, 2016
#RigEK (@Rig_E) via #EITEST delivers #Hancitor aka #Chanitor loader. #Vawtrak suspected and maybe others… pic.twitter.com/0f1MDS58eG
— Zerophage (@Zerophage1337) December 20, 2016