2015-11-20 - BIZCN GATE ACTOR NUCLEAR EK FROM 5.231.54[.]59 - 51649.EDINDAGODL[.]XYZ

NOTICE:

ASSOCIATED FILES:

 

IMAGES


Shown above:  Injected script in page from compromised website.


Shown above:  CryptoWall ransomware sample retrieved from the infected host.


Shown above:  Artifacts left behind after the CryptoWall ransomware infection.


Shown above:  Pcap of the traffic filtered in Wireshark.

 

FINAL NOTES

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
