2015-09-29 - ANGLER EK FROM 85.25.102.2 SENDS CRYPTOWALL 3.0

PCAP AND MALWARE:

 

NOTES:

 

 

CHAIN OF EVENTS

ASSOCIATED DOMAINS:

 

INFECTION TRAFFIC:

 

POST-INFECTION TRAFFIC:

 

FINAL NOTES

Once again, here's the PCAP of the traffic and ZIP file of the malware:

NOTE:  All zip archives on this site are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

Click here to return to the main page.