2016-01-29 - ANGLER EK FROM 5.135.104.85 SENDS CRYPTOWALL

PCAP AND MALWARE:

 

TRAFFIC

INFECTION TRAFFIC:

 

IP ADDRESSES AND DOMAINS FOR CALLBACK TRAFFIC FROM CRYPTOWALL SAMPLE:

 

IMAGES


Shown above:  Today's pcap filtered in Wireshark.

 


Shown above:  Today's CryptoWall sample infecting a Windows desktop.

 


Shown above:  CryptoWall callback traffic when I tested the malware sample.

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
