2015-09-08 - NEUTRINO EK FROM 46.108.156.190 SENDS CRYPTOWALL 3.0

ASSOCIATED FILES:

 

NOTES:

 


Shown above: Malicious script injected in page from compromised website.

Shown above: Bitcoin address from the CryptoWall 3.0 decrypt web page.

 

CHAIN OF EVENTS

ASSOCIATED DOMAINS:

 

TRAFFIC:

 

FINAL NOTES

Once again, here are the associated files:

The ZIP file is password-protected with the standard password.  If you don't know it, email me at admin@malware-traffic-analysis.net and ask.

Click here to return to the main page.