2016-03-29 - EK DATA DUMP (5 ANGLER, 1 NUCLEAR)

PCAPS AND MALWARE:

 

PCAPS AND MALWARE:

 

TRAFFIC

SOME DOMAINS FROM THE PCAPS:

 

IMAGES


Shown above:  Pcaps for this blog entry's traffic filtered in Wireshark.

 


Shown above:  Start of injected pseudo-Darkleech script in page from first compromised website.

 


Shown above:  Injected script in page from second compromised website pointing to a hopto.org gate.

 


Shown above:  The previous image with the hopto.org gate returned pseudo-Darkleech script that pointed to Angler EK.

 


Shown above:  Start of injected pseudo-Darkleech script in page from third compromised website.

 


Shown above:  Injected script in page from fourth compromised website pointing to a gate.

 


Shown above:  The gate noted in the previous image returned pseudo-Darkleech script that pointed to Nuclear EK.

 


Shown above:  Injected EITest script in page from fifth compromised website.

 


Shown above:  Injected script in sixth compromised site pointing to Angler EK.

 

FINAL NOTES

Once again, here are the associated files:

The ZIP files are password-protected with the standard password.  If you don't know it, email me at admin@malware-traffic-analysis.net and ask.

Click here to return to the main page.