2015-07-05 - ANGLER EK FROM 5.196.183[.]76 SENDS CRYPTOWALL 3.0 RANSOMWARE

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2015-07-05-Angler-EK-sends-CryptoWall-3.0-ransomware.pcap.zip
• 2015-07-05-Angler-EK-and-CryptoWall-3.0-ransomware-files.zip

 

NOTES:

• Bitcoin address for this CryptoWall 3.0 ransomware sample is: 1KEwC5NQM8ZQpnJghMknbySurXfJZfZhZx

 

TRAFFIC

ASSOCIATED DOMAINS:

• 5.196.183[.]76 port 80 - kansansadun-heksagon.bizstarnet[.]com - Angler EK
• ip-addr[.]es - location/IP check by the ransomware
• 111.65.226[.]106 port 80 - ktetley-jones[.]co[.]nz - CryptoWall 3.0 ransomware check-in
• 95.163.121[.]228 port 80 - k6i3cb6owitcouepv.paybalanceto[.]com - Infected host accessing decrypt instructions
• 95.163.121[.]228 port 80 - k6i3cb6owitcouepv.paybrakepoint[.]com - Infected host accessing decrypt instructions

 

Click here to return to the main page.