2015-06-09 - ANGLER EK - STILL ON A "CRYPTOWALL RAMPAGE"

PCAP AND MALWARE:

 

NOTES:

 

CHAIN OF EVENTS

ASSOCIATED DOMAINS:

 

TRFFIC FROM THE FIRST RUN:

 

TRAFFIC FROM THE SECOND RUN:

 

IMAGES FROM THE TRAFFIC

Malicious script in page from infected website:

 

Decrypt instructions with bitcoin address for the ransom:

 

FINAL NOTES

Once again, here are the associated files:

The ZIP file is password-protected with the standard password.  If you don't know it, email me at admin@malware-traffic-analysis.net and ask.

Click here to return to the main page.