2015-12-04 - ANGLER EK FROM 126.96.36.199 SENDS TESLACRYPT
- ZIP archive of the PCAP: 2015-12-04-Angler-EK-sends-TeslaCrypt-traffic.pcap.zip 1.0 MB (1,009,474 bytes)
- ZIP archive of the malware: 2015-12-04-Angler-EK-sends-TeslaCrypt-malware-and-artifacts.zip 470.2 kB (470,227 bytes)
Shown above: Injected script in page from comrpomised website.
Shown above: Gate redirecting traffic from the compromised website to Angler EK landing page.
Shown above: Pcap of the traffic filtered in Wireshark.
Shown above: Alerts seen using tcpreplay on the pcap in Security Onion.
Shown above: Windows desktop after the TeslaCrypt infection.
ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
Click here to return to the main page.