2016-02-03 - RECENT EXAMPLES OF NUCLEAR EK SENDING TESLACRYPT RANSOMWARE

PCAP AND MALWARE:

 

NOTES:

 

TRAFFIC

ASSOCIATED DOMAINS:

 

IMAGES


Shown above:  Traffic from the Threatglass 2016-02-01 infection filtered in Wireshark.

 


Shown above:  Traffic from my 2016-02-02 infection filtered in Wireshark.

 


Shown above:  Traffic from my 2016-02-03 infection filtered in Wireshark.

 


Shown above:  An example of the injected script in every javascript (.js) file from the compromised website.

 


Shown above:  An example of the infected Windows desktop after Nuclear EK sent TeslaCrypt ransomware.

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

Click here to return to the main page.