2016-02-09 - ANGLER EK FROM 80.78.243.50 SENDS TESLACRYPT
PCAP AND MALWARE:
- ZIP archive of the above PCAP: 2016-02-09-Angler-EK-sends-TeslaCrypt-traffic.pcap.zip 688.7 kB (688,679 bytes)
- ZIP archive of the malware and artifacts: 2016-02-09-Angler-EK-sends-TeslaCrypt-malware-and-artifacts.zip 525.9 kB (525,911 bytes)
CHAIN OF EVENTS
START DATE/TIME: 2016-02-09 16:26 UTC
ASSOCIATED DOMAINS:
- centrestage.org - Compromised website
- 80.78.243.50 port 80 - galmerartmaliumherziehender.strongsvillechurch.com - Angler EK
- 222.165.133.242 port 80 - hnb.net - TeslaCrypt callback traffic
FINAL NOTES
ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.