2015-09-11 - BIZCN GATE ACTOR NEUTRINO EK FROM 46.108.156[.]189 PORT 32393 - SENDS CRYPTOWALL 3.0 RANSOMWARE

NOTICE:

ASSOCIATED FILES:


NOTES:


Shown above: Alerts from Sguil on Security Onion after using tcpreplay on a pcap of today's infection traffic.


TRAFFIC

ASSOCIATED DOMAINS:


COMPROMISED WEBSITE AND REDIRECT:


NEUTRINO EK:


POST-INFECTION TRAFFIC CAUSED BY THE CRYPTOWALL 3.0 RANSOMWARE PAYLOAD:


THE USER TRYING TO VIEW EACH OF THE WEB PAGES FOR THE CRYPTOWALL 3.0 RANSOMWARE DECRYPT INSTRUCTIONS (ALL 4 OF THEM):

