2016-03-24 - ANGLER AND NUCLEAR EK KICKED OFF BY SAME COMPROMISED SITE

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2016-03-24-Angler-and-Nuclear-EK-from-one-compromised-site.pcap.zip  1.2 MB (1,152,491 bytes)
• 2016-03-24-Angler-and-Nuclear-EK-malware-and-artifacts.zip  866.2 kB (866,152 bytes)

 

NOTES:

• Gotta run...  No time for notes.

 

IMAGES

The TeslaCrypt ransomware sent by Angler EK encrypted the text file for Locky ransomware's decryption instructions (Locky sent by Nuclear EK).

 

Click here to return to the main page.