2016-01-28 - COMPROMISED WEBSITE GENERATES BOTH ANGLER EK AND RIG EK

PCAP AND MALWARE:

 

 

TRAFFIC

ASSOCIATED DOMAINS:

 

IMAGES


Shown above:  Injected script in page from the compromised website leading to Angler EK.

 


Shown above:  Today's CryptoWall sample infecting another Windows host.

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
