2/13/2014

ANGLER EXPLOIT KIT:
IP 37.9.53.204
Category MALICIOUS IP/DOMAIN
(UNITED KINGDOM & RUSSIAN FEDERATION)

The following DOMAIN / IP is compromised with the ANGLER EXPLOIT KIT, which mainly exploits vulnerabilities in Microsoft SILVERLIGHT.

ORIGINS: UNITED KINGDOM & RUSSIAN FEDERATION

http://37.9.53.204/
  • https://www.virustotal.com/de/url/248fe87973d0950dbe2699af672f4cfa25b99d6642e33fa04e995af929d97cc0/analysis/1392317892/
SPECIFIC LINK:
http://37.9.53.204/mobile.php?niche=newcj
  • https://www.virustotal.com/de/url/fd0581fc5f7e6b847021e161e81a7b67edab23275cf66aa05055f983e3df4fee/analysis/1392317833/
Malware.HTML.Iframe (paranoid heuristics)
  • http://virusscan.jotti.org/de/scanresult/6f18ec5f9439692aa66e4b0a8b021a2ee1073e6a
  • https://www.virustotal.com/de/file/cfae597233232ae04ac8fdc4809a00159c720e657ca6c32a4c4d5e45bdba9568/analysis/1392319600/
SCRIPT(s) CAN BE FOUND HERE:
  • http://jsunpack.jeek.org/?report=4404603b06b5bc656d0d7364c99f9921ba109afc
0) Angler exploit kit URL pattern
1) Angler EK Landing Page
2) Possible AnglerEK Java Exploit/Payload Structure Jan 16 2014
3) suspicious - gzipped file via JAVA - could be pack200-ed JAR
4) Possible Secondary Indicator of Java Exploit (Artifact Observed mostly in EKs/a few mis-configured apps)
5) Angler EK encrypted binary (3) Jan 17 2013

  • https://urlquery.net/report.php?id=9424546
The complete analysis review with more details can be found here:
Document hosting: UploadEdit.com
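Added detection example, not part of the original post: a small scanner that checks proxy log lines against the two indicators given above (the IP 37.9.53.204 and the /mobile.php?niche= URL pattern). The log format and the log lines are constructed for illustration; real proxy logs will need their own parsing regex.

```python
import re
from typing import Dict, List

# Indicators taken from the report above.
ANGLER_IP = "37.9.53.204"
ANGLER_PATH_RE = re.compile(r"/mobile\.php\?niche=", re.IGNORECASE)

# Constructed sample log lines in an assumed "timestamp client method url status"
# layout. These are not real captured traffic.
SAMPLE_LOG = """\
1392317892.101 10.0.0.12 GET http://37.9.53.204/ 200
1392317893.220 10.0.0.12 GET http://37.9.53.204/mobile.php?niche=newcj 200
1392317900.005 10.0.0.33 GET http://example.com/index.html 200
1392317905.777 10.0.0.45 GET http://198.51.100.7/mobile.php?niche=abc 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)
HOST_RE = re.compile(r"^[a-z]+://([^/]+)", re.IGNORECASE)


def classify(url: str) -> List[str]:
    """Return the names of the indicators a URL matches (empty list if none)."""
    hits = []
    host = HOST_RE.match(url)
    if host and host.group(1) == ANGLER_IP:
        hits.append("angler_ip")
    # The URL pattern is checked independently of the host, so the same
    # landing-page path on a different server is still flagged for review.
    if ANGLER_PATH_RE.search(url):
        hits.append("angler_url_pattern")
    return hits


def scan_log(text: str) -> List[Dict[str, str]]:
    """Parse each log line and collect the client/URL pairs that hit an indicator."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        hits = classify(m.group("url"))
        if hits:
            alerts.append({"client": m.group("client"), "url": m.group("url"),
                           "indicators": ",".join(hits)})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```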