TRAFFIC. Shown above: Injected script from the EITest campaign from the compromised site. Shown above: Pcap of the infection traffic filtered in Wireshark. ASSOCIATED DOMAINS: cavallinomotorsport.com - Compromised site; 185.156.173.99 port 80 - sjxkv.gotdirolhersheck.top - Rig-E; 45.56.117.118 port 53 - TCP-based DNS query for pationare.
Article Link: http://www.malware-traffic-analysis.net/2016/12/27/index.html