Angler EK from 185.49.68.149 sends TeslaCrypt


ASSOCIATED DOMAINS:

  • mlmprofesional.com – COMPROMISED SITE
  • 185.49.68.149 – humanistisirisena.effectivepublicspeakingnj.com – ANGLER EK
  • 46.101.17.191 – qwe.yasyka1lyamhochy.info – ADMEDIA GATE (DID NOT PLAY A ROLE IN INFECTION)
  • 192.185.39.66 – biocarbon.com.ec POST /wp-content/uploads/bstr.php – POST TESLACRYPT TRAFFIC

MD5 HASHES FOR EXPLOITS AND PAYLOAD FROM ANGLER EK:

For details, see previous analyses HERE