2016-04-01 - PSEUDO DARKLEECH ANGLER EK FROM 185.82.216.45 SENDS TESLACRYPT

PCAP AND MALWARE:

 

NOTES:


Shown above:  The infected Windows desktop after today's TeslaCrypt infection.

 

TRAFFIC


Shown above:  Pcap for this blog entry's traffic filtered in Wireshark.

 

ASSOCIATED DOMAINS:

 

IMAGES


Shown above:  Start of injected pseudo-Darkleech script in page from the compromised website.

 

FINAL NOTES

Once again, here are the associated files:

The ZIP files are password-protected with the standard password.  If you don't know it, email me at admin@malware-traffic-analysis.net and ask.

Click here to return to the main page.