2017-01-06 - Sundown EK from 188.165.163.226 and 93.190.143.201

OTHER NOTES:

The URL patterns for Sundown EK changed starting 2017-01-05 to what I’m showing for today.

TRAFFIC

Shown above: Pcap from the infection traffic filtered in Wireshark.

SUNDOWN EK:

188.165.163.226 port 80 - eud.3204.mobi - GET /index.php?9W7EBUOp191ha3GjlA=4y23ZDynh_NRHnyN0aRE9FnWh5o0_xI-rVWoyQUxcwvxksnowbciR2Mb
188.

Article Link: http://www.malware-traffic-analysis.net/2017/01/06/index2.html