2015-12-21 - ANGLER EK SENDS CRYPTOWALL

ASSOCIATED FILES:

 

NOTES:

 

CHAIN OF EVENTS

 

TRAFFIC - FIRST EXAMPLE:

 

TRAFFIC - SECOND EXAMPLE:

 

TRAFFIC - THIRD EXAMPLE:

 

SCREENSHOTS


Shown above:  Start of first malicious code in page from compromised site that led to Angler EK.

 


Shown above:  End of first malicious code in page from compromised site that led to Angler EK.

 


Shown above:  Start of second malicious code in page from compromised site that led to beladonna33.ga/052F gate.

 

FINAL NOTES

Once again, here's the PCAP of the traffic and ZIP file of the malware:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
