Angler EK Starts Bedep TeslaCrypt Infection Chain

ASSOCIATED DOMAINS:

  • 188.120.255.249 – flippant.mygghub.com – GET /g1RCwEN.html – Angler LANDING PAGE
  • 23.193.173.11 – www.ecb.europa.eu – Bedep CONNECTION CHECK
  • 104.193.252.245 – Bedep POST INFECTION TRAFFIC
  • 198.105.244.228 – Bedep POST INFECTION TRAFFIC
  • 72.41.18.212 – traditions-and-custom.com – POST /strfile.php – TeslaCrypt POST INFECTION TRAFFIC
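The indicators above only tell the full story in sequence: the www.ecb.europa.eu request is ordinary browsing on its own and becomes meaningful only once the same client has already hit the Angler landing page or started POSTing to the Bedep IPs. The script below is an added example, not part of the original post or its pcap; it tags proxy log lines against the page's indicators and then judges each client by which stages of the chain it has touched. The log format (timestamp, client IP, method, host, destination IP, URI) and every log line in it are constructed for the example.

```python
import re
from collections import OrderedDict

# Indicators taken from the ASSOCIATED DOMAINS list of the post.
ANGLER_LANDING_HOST = "flippant.mygghub.com"
ANGLER_LANDING_IP = "188.120.255.249"
BEDEP_CHECK_HOST = "www.ecb.europa.eu"          # legitimate site; meaningful only in sequence
BEDEP_C2_IPS = {"104.193.252.245", "198.105.244.228"}
TESLACRYPT_C2_HOST = "traditions-and-custom.com"
TESLACRYPT_C2_IP = "72.41.18.212"
TESLACRYPT_C2_URI = "/strfile.php"

# Order of the chain as the post describes it.
STAGES = ("angler_landing", "bedep_check", "bedep_c2", "teslacrypt_c2")

# Assumed proxy log format: ts src_ip method host dst_ip uri (one request per line).
LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\S+) (\S+)$")

# Constructed sample log, not traffic from the post's pcap.
# 10.0.0.5 walks the whole chain, 10.0.0.7 only reaches the landing page,
# 10.0.0.9 merely visits the ECB site and must not be flagged.
SAMPLE_LOG = """\
2016-04-07T14:02:10 10.0.0.5 GET compromised-site.example 203.0.113.10 /index.html
2016-04-07T14:02:11 10.0.0.5 GET flippant.mygghub.com 188.120.255.249 /g1RCwEN.html
2016-04-07T14:02:14 10.0.0.5 GET www.ecb.europa.eu 23.193.173.11 /
2016-04-07T14:02:15 10.0.0.5 POST - 104.193.252.245 /
2016-04-07T14:02:30 10.0.0.5 POST traditions-and-custom.com 72.41.18.212 /strfile.php
2016-04-07T14:03:02 10.0.0.7 GET flippant.mygghub.com 188.120.255.249 /g1RCwEN.html
2016-04-07T14:05:00 10.0.0.9 GET www.ecb.europa.eu 23.193.173.11 /stats/
"""


def classify(line):
    """Map one log line to (src_ip, stage), or None when it matches no indicator."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    _ts, src, method, host, dst, uri = m.groups()
    if host == ANGLER_LANDING_HOST or dst == ANGLER_LANDING_IP:
        return src, "angler_landing"
    if host == BEDEP_CHECK_HOST:
        return src, "bedep_check"
    if method == "POST" and dst in BEDEP_C2_IPS:
        return src, "bedep_c2"
    if (method == "POST" and uri == TESLACRYPT_C2_URI
            and (host == TESLACRYPT_C2_HOST or dst == TESLACRYPT_C2_IP)):
        return src, "teslacrypt_c2"
    return None


def stages_by_client(log_text):
    """Return {src_ip: [stages in first-seen order]}; the log is assumed chronological."""
    seen = OrderedDict()
    for line in log_text.splitlines():
        hit = classify(line)
        if hit is None:
            continue
        src, stage = hit
        stages = seen.setdefault(src, [])
        if stage not in stages:
            stages.append(stage)
    return dict(seen)


def verdict(stages):
    """Judge one client from the stages it touched.

    The ECB connection check alone is benign, so it never raises the verdict by
    itself; a POST to strfile.php or landing page plus Bedep C2 does.
    """
    if "teslacrypt_c2" in stages:
        return "teslacrypt_infected"
    if "angler_landing" in stages and "bedep_c2" in stages:
        return "bedep_infected"
    if "angler_landing" in stages:
        return "landing_page_only"   # exploit attempt; payload not confirmed
    if "bedep_c2" in stages:
        return "bedep_c2_only"
    return "benign"


def triage(log_text):
    """Verdict per client IP for a whole log."""
    return {src: verdict(st) for src, st in stages_by_client(log_text).items()}


if __name__ == "__main__":
    for src, result in triage(SAMPLE_LOG).items():
        print(src, result)
```

A hit on the landing page alone is worth a ticket but not a reimage; the post-infection POSTs are what confirm the Bedep and TeslaCrypt payloads actually ran.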


IMAGES and DETAILS:

Shown above: Compromised site redirecting to new Angler Exploit landing page URI pattern


Shown above: TeslaCrypt post-infection communication with C2, POST to "strfile.php"


Shown above: TeslaCrypt ransom note


EXPLOITS AND PAYLOAD FROM ANGLER EK:

ARTIFACTS FROM ANGLER EXPLOIT:

2016-04-07-flippant-mygghub-com-Artifact.dll
Virus Total Link