2015-11-23 - BIZCN GATE ACTOR NUCLEAR EK FROM 126.96.36.199 - 369504.6210.YANI-ET.XYZ
- ZIP archive of the PCAP: 2015-11-23-BizCN-gate-actor-Nuclear-EK-sends-CryptoWall-4.0-traffic.pcap.zip 980.5 kB (980,507 bytes)
- ZIP archive of the malware: 2015-11-23-BizCN-gate-actor-Nuclear-EK-sends-CryptoWall-4.0-malware-and-artifacts.zip 438.3 kB (438,267 bytes)
Shown above: Pcap of the traffic filtered in Wireshark.
Shown above: Injected script in page from the compromised website.
Shown above: CryptoWall 4.0 retrieved from the infected host.
Shown above: Artifacts left over after the CryptoWall 4.0 infection.
Shown above: Desktop after the CryptoWall 4.0 infection.
Shown above: User checking the decrypt instructions for the ransom payment info.
ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.