Nuclear Exploit Kit from 5.9.96.162 Sends TeslaCrypt

ASSOCIATED DOMAINS:

  • 193.218.152.24 – www.blackstorkstudio.com – Flash Parameter Redirect
  • 85.93.0.68 – beddrf.tk – EITEST GATE
  • 5.9.96.162 – cool.margaritajyxawd.top – Nuclear LANDING PAGE
  • 212.227.247.229 – bonjourtablier.com – POST /wp-content/uploads/eac.php – TeslaCrypt POST INFECTION TRAFFIC

 

IMAGES and DETAILS:

Shown above: Flash parameter redirect to gate beddrf.tk

 

Shown above: Redirect gate pointing to Nuclear landing page

 

Shown above: TeslaCrypt payload delivery

 

Shown above: TeslaCrypt ransom note

 

EXPLOITS AND PAYLOAD FROM NUCLEAR EK: