2014-05-01 - ANGLER EK FROM 184.82.69.94 - 51M9O.LICITAJYJANYSWED.INFO

ASSOCIATED FILES:

PREVIOUS ANGLER EK:

NOTE: Nothing new here that we haven't seen before.  Just keeping track...

 

CHAIN OF EVENTS

ASSOCIATED DOMAINS:

INFECTION CHAIN OF EVENTS (SILVERLIGHT AND FLASH EXPLOITS)

INFECTION CHAIN OF EVENTS (JAVA EXPLOIT)

 

PRELIMINARY MALWARE ANALYSIS

 

SNORT EVENTS

SNORT EVENTS FOR THE INFECTION TRAFFIC (from Sguil on Security Onion)

 

OTHER NOTES

The Silverlight exploit used in Angler EK is updated frequently--the modified date for this one is less than 48 hours ago.

 

The Java exploit used by Angler EK was last updated in February 2014--over 2 months ago.

 

FINAL NOTES

Once again, here are links for the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
