2015-09-29 - ANGLER EK FROM 85.25.102.2 SENDS CRYPTOWALL 3.0

PCAP AND MALWARE:

 

NOTES:

 

 

CHAIN OF EVENTS

ASSOCIATED DOMAINS:

 

INFECTION TRAFFIC:

 

POST-INFECTION TRAFFIC:

 

FINAL NOTES

Once again, here's the PCAP of the traffic and ZIP file of the malware:

The ZIP file is password-protected with the standard password.  If you don't know it, email me at admin@malware-traffic-analysis.net and ask.

Click here to return to the main page.