2015-09-14 - BIZCN GATE ACTOR NEUTRINO EK FROM 46.108.156.189 PORT 35827 - KXHGOKBJQC.UOQBZFYXDCT.CF

PCAP AND MALWARE:

 

NOTES:

 

 

TRAFFIC

ASSOCIATED DOMAINS:

 

COMPROMISED WEBSITE AND REDIRECT:

 

NEUTRINO EK:

 

POST-INFECTION TRAFFIC CAUSED BY THE CRYPTOWALL 3.0 PAYLOAD:

 

FINAL NOTES

Once again, here are the associated files:

The ZIP file is password-protected with the standard password.  If you don't know it, email me at admin@malware-traffic-analysis.net and ask.

Click here to return to the main page.