2016-02-09 - ANGLER EK FROM 80.78.243[.]50 SENDS TESLACRYPT RANSOMWARE

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2016-02-09-Angler-EK-sends-TeslaCrypt-ransomware.pcap.zip  688.7 kB (688,685 bytes)
• 2016-02-09-Angler-EK-and-TeslaCrypt-ransomware-files.zip  526.9 kB (526,909 bytes)

 

CHAIN OF EVENTS

START DATE/TIME: 2016-02-09 16:26 UTC

ASSOCIATED DOMAINS:

• centrestage[.]org - Compromised website
• 80.78.243[.]50 port 80 - galmerartmaliumherziehender.strongsvillechurch[.]com - Angler EK
• 222.165.133[.]242 port 80 - hnb[.]net - TeslaCrypt ransomware callback traffic

 

Click here to return to the main page.