2016-02-24 - COMPROMISED WEBSITE GENERATES TWO ANGLER EK CHAINS

PCAPS AND MALWARE:

NOTES:

Shown above:  Injected script in page from the compromised site leading to an "admedia" gate.

Shown above:  Later in the same page, you'll find other injected script that leads directly to Angler EK.

DETAILS

DATE/TIME:  2016-02-24 16:45 UTC

Shown above:  Traffic from the first pcap filtered in Wireshark.

MD5 HASHES FOR EXPLOITS AND PAYLOAD FROM EACH INSTANCE OF ANGLER EK:

Shown above:  Angler EK sending the Silverlight exploit.


Shown above:  Contents of the Silverlight exploit sent by Angler EK.

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
