2015-11-21 - BIZCN GATE ACTOR NUCLEAR EK FROM 18.104.22.168 - 48637930475.KUPUTSTER.XYZ
- ZIP archive of the PCAP: 2015-11-21-BizCN-gate-actor-Nuclear-EK-sends-CryptoWall-4.0-traffic.pcap.zip 707.9 kB (707,883 bytes)
- ZIP archive of the malware: 2015-11-21-BizCN-gate-actor-Nuclear-EK-sends-CryptoWall-4.0-artifacts.zip 441.3 kB (441,335 bytes)
Shown above: Pcap of the traffic filtered in Wireshark.
Shown above: Injected script in page from comromised website.
Shown above: CryptoWall 4.0 retrieved from the infected host.
Shown above: Artifacts left behind after the CryptoWall 4.0 infection.
Shown above: Desktop of the infected host after the CryptoWall 4.0 infection.
Shown above: User checking decrypt instructions for the ransom payment info.
ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
Click here to return to the main page.