The following DOMAIN / IP is compromised with the ANGLER EXPLOIT KIT, which mainly exploits vulnerabilities in Microsoft SILVERLIGHT.
ORIGINS: UNITED KINGDOM & RUSSIAN FEDERATION
http://37.9.53.204/
- https://www.virustotal.com/de/url/248fe87973d0950dbe2699af672f4cfa25b99d6642e33fa04e995af929d97cc0/analysis/1392317892/
http://37.9.53.204/mobile.php?niche=newcj
- https://www.virustotal.com/de/url/fd0581fc5f7e6b847021e161e81a7b67edab23275cf66aa05055f983e3df4fee/analysis/1392317833/
Malware.HTML.Iframe (paranoid heuristics)
- http://virusscan.jotti.org/de/scanresult/6f18ec5f9439692aa66e4b0a8b021a2ee1073e6a
- https://www.virustotal.com/de/file/cfae597233232ae04ac8fdc4809a00159c720e657ca6c32a4c4d5e45bdba9568/analysis/1392319600/
- http://jsunpack.jeek.org/?report=4404603b06b5bc656d0d7364c99f9921ba109afc
1) Angler EK Landing Page
2) Possible AnglerEK Java Exploit/Payload Structure Jan 16 2014
3) suspicious - gzipped file via JAVA - could be pack200-ed JAR
4) Possible Secondary Indicator of Java Exploit (Artifact Observed mostly in EKs/a few mis-configured apps)
5) Angler EK encrypted binary (3) Jan 17 2013
- https://urlquery.net/report.php?id=9424546