2015-09-14 - ANGLER EK FROM 207.182.157.157 SENDS CRYPTOWALL 3.0

PCAP AND MALWARE:

 

NOTES:


Shown above: Decrypt instructions from the CryptoWall sample

 

TRAFFIC

ASSOCIATED DOMAINS:

 


Shown above: Malicious script in compromised website pointing to Angler EK.

 

ANGLER EK:

 

POST-INFECTION TRAFFIC CAUSED BY THE CRYPTOWALL 3.0 PAYLOAD:

 

USER CLICKING ON THE LINKS FOR THE DECRYPT INSTRUCTIONS:

 

FINAL NOTES

Once again, here are the associated files:

The ZIP file is password-protected with the standard password.  If you don't know it, email me at admin@malware-traffic-analysis.net and ask.

Click here to return to the main page.