2015-11-23 - BIZCN GATE ACTOR NUCLEAR EK FROM 5.175.193.253 - 369504.6210.YANI-ET.XYZ

ASSOCIATED FILES:

• ZIP archive of the PCAP:  2015-11-23-BizCN-gate-actor-Nuclear-EK-sends-CryptoWall-4.0-traffic.pcap.zip   980.5 kB (980,507 bytes)
• ZIP archive of the malware:  2015-11-23-BizCN-gate-actor-Nuclear-EK-sends-CryptoWall-4.0-malware-and-artifacts.zip   438.3 kB (438,267 bytes)

 

IMAGES

Shown above:  Pcap of the traffic filtered in Wireshark.

Shown above:  Injected script in page from the compromised website.

Shown above:  CryptoWall 4.0 retrieved from the infected host.

Shown above:  Artfiacts left over after the CryptoWall 4.0 infection.

Shown above:  Desktop after the CryptoWall 4.0 infection.

Shown above:  User checking the decrypt instructions for the ransom payment info.

 

FINAL NOTES

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

Click here to return to the main page.