Angler Exploit Kit Analysis

IOB - Indicator of Behavior (1000)

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 792
es: 78
de: 32
ar: 32
fr: 20

Country

es: 76
nl: 36
de: 32
ar: 32
fr: 20

Product

Apple Mac OS X Server: 34
Pligg CMS: 10
Adobe Acrobat Reader: 6
YaBB: 6
Microsoft Windows: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Bitrix Site Manager redirect.php link following | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.09 | 0.00113 | CVE-2008-2052 |
| 2 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 2.02 | 0.00000 | |
| 3 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09 | 0.00000 | |
| 4 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00250 | CVE-2005-1612 |
| 5 | EyouCms Logout redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00093 | CVE-2021-39501 |
| 6 | phpMyAdmin Redirect url.php 7pk security | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00764 | CVE-2015-7873 |
| 7 | Xoops URL Filter index.php redirect | 6.6 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00062 | CVE-2017-12138 |
| 8 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00263 | CVE-2009-2814 |
| 9 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00526 | CVE-2011-0643 |
| 10 | JBoss KeyCloak Login/Logout redirect | 6.4 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00115 | CVE-2018-14658 |
| 11 | Apple Mac OS X Server LaunchServices memory corruption | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00350 | CVE-2004-0538 |
| 12 | Apple Mac OS X Server Profile Manager cross site scripting | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00406 | CVE-2013-1855 |
| 13 | PHP Link Directory page.php sql injection | 7.3 | 7.0 | $0-$5k | Calculating | High | Official Fix | 0.00 | 0.00079 | CVE-2008-6851 |
| 14 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.00073 | CVE-2008-0507 |
| 15 | OpenX adclick.php redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.34 | 0.00440 | CVE-2014-2230 |
| 16 | Apple Mac OS X Server kevent denial of service | 4.0 | 3.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00054 | CVE-2006-6127 |
| 17 | Apple Mac OS X Server denial of service | 10.0 | 9.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.05939 | CVE-2006-6061 |
| 18 | Storytlr cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00193 | CVE-2014-100038 |
| 19 | Red Hat Mobile Application Platform Logout Endpoint redirect | 4.6 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00084 | CVE-2020-1723 |
| 20 | Apache jUDDI Logout redirect | 6.2 | 6.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00110 | CVE-2015-5241 |

IOC - Indicator of Compromise (48)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |

IOA - Indicator of Attack (123)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/index.php | predictive | High |
| 2 | File | /analysisProject/pagingQueryData | predictive | High |
| 3 | File | /api/baskets/{name} | predictive | High |
| 4 | File | /download | predictive | Medium |
| 5 | File | /find_v2/_click | predictive | High |
| 6 | File | /forum/away.php | predictive | High |
| 7 | File | /hardware | predictive | Medium |
| 8 | File | /horde/util/go.php | predictive | High |
| 9 | File | /modules/profile/index.php | predictive | High |
| 10 | File | /oauth/logout?redirect=url | predictive | High |
| 11 | File | /out.php | predictive | Medium |
| 12 | File | /redirect?url | predictive | High |
| 13 | File | /replication | predictive | Medium |
| 14 | File | adclick.php | predictive | Medium |
| 15 | File | add2.php | predictive | Medium |
| 16 | File | admin.jcomments.php | predictive | High |
| 17 | File | admin/admin_users.php | predictive | High |
| 18 | File | admin/changedata.php | predictive | High |
| 19 | File | admin/conf_users_edit.php | predictive | High |
| 122 | Input Value | ….// | predictive | Low |
