Angler

XXX - AEK - Axpergle - Status: Retired - Last seen: 2016-06-07

References:
  • A unique 'bodiless' bot attacks news site visitors - 2012-03-16 - Securelist - Sergey Golovanov Angler CVE-2011-3544 Lurk
  • A closer look at the Angler exploit kit - 2015-07-21 - Sophos - Fraser Howard Angler CVE-2014-6332
  • Attacking Diffie-Hellman protocol implementation in the Angler Exploit Kit - 2015-09-08 - Securelist - Victor Alyushin - Dmitry Vinogradov - Vasily Davydov - Anton Ivanov Angler CVE-2015-2419 CVE-2015-5560
  • XXX is Angler EK - 2015-12-21 - MDNC - Kafeine Angler Lurk Cool
  • Is it the End of Angler ? - 2016-06-11 - MDNC - Kafeine Angler Lurk Nuclear SadClowns GooNky EITest WordsJS ScriptJS
More Reading:

  • CVE-2014-0569 (Flash Player) integrating Exploit Kit - 2014-10-21 - MDNC - Kafeine CVE-2014-0569 Chthonic Fiesta Angler Astrum Sweet Orange FlashPack RIG Magnitude KovCoreG Kovter
  • The proof is in the cookie - 2014-11-05 - Malwarebytes - Jérôme Segura AdGholas Angler
  • CVE-2015-0310 (Flash 15.0.0.242 and below) integrating Exploit Kits - 2015-01-16 - MDNC - Kafeine CVE-2015-0310 Angler
  • A Closer Look at the Exploit Kit in CVE-2015-0313 Attack - 2015-02-03 - Trend Micro - Brooks Li CVE-2015-0313 Hanjuan Angler
  • [en] OpenX Hacks example (malvertising) - 2015-05-19 - Malekal - Malekal WordsJS Angler
  • Large malvertising campaign targeting the Netherlands - 2015-06-15 - Fox-IT - Yonathan Klijnsma VirtualDonna Angler
  • A fileless Ursnif doing some POS focused reco - 2015-07-05 - MDNC - Kafeine RecoLoad Angler
  • Angler Exploit Kit Used to Find and Infect PoS Systems - 2015-07-27 - Trend Micro - Anthony Joe Melgarejo RecoLoad Angler
  • Large Malvertising Campaign Goes (Almost) Undetected - 2015-09-14 - Malwarebytes - Jérôme Segura VirtualDonna Angler
  • Shifu <3 Great Britain - 2015-09-24 - MDNC - Kafeine Shifu VirtualDonna Angler
  • 3,000 High-Profile Japanese Sites Hit By Massive Malvertising Campaign - 2015-09-30 - Trend Micro - Joseph C. Chen VirtualDonna Angler
  • This looks like #Fessleak dropping #Malvertising via psychecentral[.]com. Bing referred for Depression test. - 2015-10-12 - Twitter - BelchSpeak WordsJS Angler
  • A DoubleClick https open redirect used in some malvertising chain - 2015-10-15 - MDNC - Kafeine VirtualDonna Angler
  • Inside Jahoo (Otlard.A ?) - A spam Botnet - 2015-11-28 - MDNC - Kafeine Otlard VirtualDonna Angler Nuclear ProxyBack Ramnit
  • Malvertising Hits DailyMotion, Serves Up Angler EK - 2015-12-07 - Malwarebytes - Jérôme Segura VirtualDonna Angler
  • The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK - 2015-12-15 - Proofpoint - Kafeine GooNky Angler CVE-2016-3351
  • Let’s Encrypt Now Being Abused By Malvertisers - 2016-01-06 - Trend Micro - Joseph C. Chen GooNky Angler
  • Music-themed Malvertising Lead To Angler - 2016-01-19 - Zscaler - ThreatLabz WordsJS Angler
  • Vawtrak and UrlZone Banking Trojans Target Japan - 2016-02-05 - Proofpoint - Proofpoint Staff URLZone Vawtrak Angler
  • Operation Fingerprint: A Look Into Several Angler Exploit Kit Malvertising Campaigns - 2016-03-01 - Malwarebytes - GeoEdge - Eugene Aseev - Jérôme Segura VirtualDonna GooNky AdGholas Angler
  • Angler Takes Malvertising to New Heights - 2016-03-14 - SpiderLabs - Daniel Chechik - Simon Kenin - Rami Kogan VirtualDonna Angler
  • A Look Into Malvertising Attacks Targeting The UK - 2016-03-16 - Malwarebytes - Jérôme Segura GooNky Angler
  • CryptXXX: New Ransomware From the Actors Behind Reveton, Dropping Via Angler - 2016-04-18 - Proofpoint - Kafeine CryptXXX Angler Dridex
  • CryptXXX 2.0: Ransomware Authors Strike Back Against Free Decryption Tool - 2016-05-09 - Proofpoint - Proofpoint Staff CryptXXX GooNky Angler
  • Top Chilean News Website Emol Pushes Angler Exploit Kit - 2016-05-11 - Malwarebytes - Jérôme Segura WordsJS Angler
  • Lurk Banker Trojan: Exclusively for Russia - 2016-06-10 - Securelist - Alexey Shulmin - Mikhail Prokhorenko Lurk Angler
  • Massive AdGholas Malvertising Campaigns Use Steganography and File Whitelisting to Hide in Plain Sight - 2016-07-28 - Proofpoint - Kafeine AdGholas Angler
  • Microsoft Patches CVE-2016-3351 Zero-Day, Exploited By AdGholas and GooNky Malvertising Groups - 2016-09-13 - Proofpoint - Kafeine CVE-2016-3351 GooNky AdGholas Angler Astrum
  • Wajam Browser Add-on Serves Malvertising - 2016-10-20 - Malwarebytes - Jérôme Segura VirtualDonna Angler
  • RIG evolves, Neutrino waves goodbye, Empire Pack appears - 2016-10-22 - MDNC - Kafeine RIG Empire Neutrino Angler Nuclear Sutra BlackHole
  • Threat Actor Profile: KovCoreG, The Kovter Saga - 2017-11-01 - Proofpoint - Kafeine Kovter KovCoreG Angler Sweet Orange Nuclear Sakura BlackHole Neutrino Fiesta Styx EITest
  • EITest: Sinkholing the oldest infection chain - 2018-04-12 - Proofpoint - Kafeine EITest Glazunov Angler Gootkit Cerber CryptXXX Smokebot