2016-03-24 - ANGLER AND NUCLEAR EK KICKED OFF BY SAME COMPROMISED SITE

ASSOCIATED FILES:

• ZIP archive of the pcap:  2016-03-24-Angler-and-Nuclear-EK-after-macfly-studio.com.pcap.zip  1.2 MB (1,152,487 bytes)
• ZIP archive of the malware and artifacts:  2016-03-24-Angler-and-Nuclear-EK-after-macfly-studio.com-malware-and-artifacts.zip  864.7 kB (864,656 bytes)

 

NOTES:

• Gotta run...  No time for notes.

 

IMAGES

Just wanted to say the TeslaCrypt sent by Angler EK encrypted the text file for Locky's decrypt instructions.

 

FINAL NOTES

Once again, here are the associated files:

• ZIP archive of the pcap:  2016-03-24-Angler-and-Nuclear-EK-after-macfly-studio.com.pcap.zip  1.2 MB (1,152,487 bytes)
• ZIP archive of the malware and artifacts:  2016-03-24-Angler-and-Nuclear-EK-after-macfly-studio.com-malware-and-artifacts.zip  864.7 kB (864,656 bytes)

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

Click here to return to the main page.