2015-11-19 - BIZCN GATE ACTOR NUCLEAR EK FROM 18.104.22.168 - 16953.FALMUEMB.XYZ
- ZIP archive of the PCAP: 2015-11-19-BizCN-gate-actor-Nuclear-EK-traffic.pcap.zip 467.4 kB (467,446 bytes)
- ZIP archive of the malware: 2015-11-19-BizCN-gate-actor-Nuclear-EK-malware-and-artifacts.zip 427.5 kB (427,493 bytes)
Shown above: Desktop after the CryptoWall 3.0 infection.
Shown above: Checking the decrypt instructions after the CryptoWall 3.0 infection.
Shown above: Some of the artifacts left behind after the CryptoWall 3.0 infection.
Shown above: Pcap of the infection traffic filtered in Wireshark.
Shown above: Malware retrieved from the infected host.
Shown above: Malicious script in page from compromised website.
Shown above: Examples of the gate domains on 22.214.171.124/24.
ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
Click here to return to the main page.