2015-11-23 - ANGLER EK FROM 51.255.25.10 SENDS CRYPTOWALL 3.0
ASSOCIATED FILES:
- PCAP of the traffic: 2015-11-23-Angler-EK-sends-CryptoWall-3.0-traffic.pcap 861.6 kB (861,621 bytes)
- ZIP archive of the PCAP: 2015-11-23-Angler-EK-sends-CryptoWall-3.0-traffic.pcap.zip 760.0 kB (759,993 bytes)
- ZIP archive of the malware: 2015-11-23-Angler-EK-malware-and-artifacts.zip 324.6 kB (324,639 bytes)
IMAGES
Shown above: Pcap of the traffic filtered in Wireshark.
Shown above: Decrypt instructions showing the malware is CryptoWall 3.0.
FINAL NOTES
The ZIP files are password-protected with the standard password. If you don't know it, email me at admin@malware-traffic-analysis.net and ask.