2015-10-18 - ANGLER EK SENDS BEDEP AND VAWTRAK

ASSOCIATED FILES:

CHAIN OF EVENTS

Shown above: Results in Security Onion after using tcpreplay on the pcap.

Shown above: Script injected into pages from the compromised website.

Shown above: First pcap, filtered in Wireshark on HTTP requests.

Shown above: Second pcap, filtered in Wireshark on HTTP requests.

Shown above: Third pcap, filtered in Wireshark on HTTP requests.

ASSOCIATED DOMAINS:

MALWARE RETRIEVED FROM ONE OF THE INFECTED HOSTS

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
