2015-07-22 - NUCLEAR EK CHANGES URL PATTERNS

PCAP AND MALWARE:

 

NOTES:

 

FIRST EXAMPLE:  WINDIGO GROUP NUCLEAR EK

ASSOCIATED DOMAINS:

 

COMPROMISED WEBSITE AND CUSHION REDIRECT:

 

NUCLEAR EK:

 

SOME OF THE POST-INFECTION TRAFFIC CAUSED BY THE GLUPTEBA MALWARE PAYLOAD:

 

SECOND EXAMPLE:  BIZCN GATE ACTOR NUCLEAR EK

ASSOCIATED DOMAINS:

 

COMPROMISED WEBSITE AND BIZCN-REGISTERED GATE:

 

NUCLEAR EK:

 

POST-INFECTION TRAFFIC CAUSED BY THE CRYPTOWALL 3.0 PAYLOAD:

 

THIRD EXAMPLE:  OTHER NUCLEAR EK

ASSOCIATED DOMAINS:

 

NUCLEAR EK:

 

FINAL NOTES

Once again, here are the associated files:
