Angler Exploit Kit Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

| Language | Count |
|---|---|
| en | 824 |
| es | 42 |
| ar | 34 |
| de | 20 |
| jp | 18 |


Product

| Product | Count |
|---|---|
| Apple Mac OS X Server | 34 |
| Google Android | 6 |
| Microsoft Internet Explorer | 6 |
| Pligg CMS | 6 |
| PHP Link Directory | 4 |

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Bitrix Site Manager redirect.php link following | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00113 | 0.05 | CVE-2008-2052 |
| 2 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.87 | |
| 3 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.50 | |
| 4 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00248 | 0.09 | CVE-2005-1612 |
| 5 | EyouCms Logout redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00141 | 0.03 | CVE-2021-39501 |
| 6 | phpMyAdmin Redirect url.php 7pk security | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00764 | 0.23 | CVE-2015-7873 |
| 7 | Xoops URL Filter index.php redirect | 6.6 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00062 | 0.03 | CVE-2017-12138 |
| 8 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00263 | 0.05 | CVE-2009-2814 |
| 9 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.04 | CVE-2011-0643 |
| 10 | JBoss KeyCloak Login/Logout redirect | 6.4 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00115 | 0.05 | CVE-2018-14658 |
| 11 | Apple Mac OS X Server LaunchServices memory corruption | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00350 | 0.00 | CVE-2004-0538 |
| 12 | Apple Mac OS X Server Profile Manager cross site scripting | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00406 | 0.00 | CVE-2013-1855 |
| 13 | PHP Link Directory page.php sql injection | 7.3 | 7.0 | $0-$5k | Calculating | High | Official Fix | 0.00079 | 0.00 | CVE-2008-6851 |
| 14 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00079 | 0.50 | CVE-2008-0507 |
| 15 | Apple Mac OS X Server kevent denial of service | 4.0 | 3.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00145 | 0.00 | CVE-2006-6127 |
| 16 | Apple Mac OS X Server denial of service | 10.0 | 9.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05939 | 0.04 | CVE-2006-6061 |
| 17 | Storytlr cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00193 | 0.08 | CVE-2014-100038 |
| 18 | OpenX adclick.php redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00440 | 0.23 | CVE-2014-2230 |
| 19 | Red Hat Mobile Application Platform Logout Endpoint redirect | 4.6 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00084 | 0.00 | CVE-2020-1723 |
| 20 | Apache jUDDI Logout redirect | 6.2 | 6.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00110 | 0.00 | CVE-2015-5241 |

IOC - Indicator of Compromise (48)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (124)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/index.php | predictive | High |
| 2 | File | /analysisProject/pagingQueryData | predictive | High |
| 3 | File | /api/baskets/{name} | predictive | High |
| 4 | File | /cgi-bin/nas_sharing.cgi | predictive | High |
| 5 | File | /download | predictive | Medium |
| 6 | File | /find_v2/_click | predictive | High |
| 7 | File | /forum/away.php | predictive | High |
| 8 | File | /hardware | predictive | Medium |
| 9 | File | /horde/util/go.php | predictive | High |
| 10 | File | /modules/profile/index.php | predictive | High |
| 11 | File | /oauth/logout?redirect=url | predictive | High |
| 12 | File | /out.php | predictive | Medium |
| 13 | File | /redirect?url | predictive | High |
| 14 | File | /replication | predictive | Medium |
| 15 | File | adclick.php | predictive | Medium |
| 16 | File | add2.php | predictive | Medium |
| 17 | File | admin.jcomments.php | predictive | High |
| 18 | File | admin/admin_users.php | predictive | High |
| 19 | File | admin/changedata.php | predictive | High |

References (9)

The following list contains external sources which discuss the actor and the associated activities:
