2015-07-03 - ANGLER EK SENDS CRYPTOWALL 3.0 RANSOMWARE

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2015-07-03-Angler-EK-sends-CryptoWall-3.0-ransomware.pcap.zip
• 2015-07-03-Angler-EK-and-CryptoWall-3.0-ransomware-files.zip

 

NOTES:

• Bitcoin address for this CryptoWall 3.0 ransomware sample is: 1KEwC5NQM8ZQpnJghMknbySurXfJZfZhZx

 

TRAFFIC

ASSOCIATED DOMAINS:

• 216.144.244[.]147 port 80 - hallitsemallatake0.southchandlerhomesforsale[.]com - Angler EK
• ip-addr[.]es - location/IP check by the infected host
• 31.169.73[.]74 port 80 - dugunburada[.]com - CryptoWall 3.0 ransomware check-in
• 81.169.145[.]164 port 80 - egobook[.]de - CryptoWall 3.0 ransomware check-in
• 95.163.121[.]228 port 80 - 6i3cb6owitcouepv.paybalanceto[.]com - Infected host accessing decrypt instructions
• 95.163.121[.]228 port 80 - 6i3cb6owitcouepv.paybrakepoint[.]com - Infected host accessing decrypt instructions

 

IMAGES

 

Click here to return to the main page.