Angler Exploit Kit Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en784
es72
de30
ar26
fr24

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

es70
nl40
de30
ar26
fr24

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Apple Mac OS X Server44
Pligg CMS10
YaBB6
Adobe Acrobat Reader6
Apple iOS4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Bitrix Site Manager redirect.php link following5.34.7$0-$5k$0-$5kUnprovenUnavailable0.001130.04CVE-2008-2052
2LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000002.49
3Serendipity exit.php privileges management6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.37
4OpenBB read.php sql injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.002480.04CVE-2005-1612
5EyouCms Logout redirect6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.001410.00CVE-2021-39501
6phpMyAdmin Redirect url.php 7pk security7.37.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.007640.06CVE-2015-7873
7Xoops URL Filter index.php redirect6.66.4$0-$5k$0-$5kNot DefinedNot Defined0.000620.04CVE-2017-12138
8Apple Mac OS X Server Wiki Server cross site scripting4.34.3$5k-$25k$0-$5kNot DefinedNot Defined0.002630.04CVE-2009-2814
9Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.005260.04CVE-2011-0643
10JBoss KeyCloak Login/Logout redirect6.46.5$0-$5k$0-$5kNot DefinedOfficial Fix0.001150.00CVE-2018-14658
11Apple Mac OS X Server LaunchServices memory corruption7.37.0$25k-$100k$0-$5kNot DefinedOfficial Fix0.003500.00CVE-2004-0538
12Apple Mac OS X Server Profile Manager cross site scripting6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.004060.00CVE-2013-1855
13PHP Link Directory page.php sql injection7.37.0$0-$5k$0-$5kHighOfficial Fix0.000790.00CVE-2008-6851
14WordPress AdServe adclick.php sql injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000730.40CVE-2008-0507
15OpenX adclick.php redirect5.34.7$0-$5k$0-$5kUnprovenUnavailable0.004400.22CVE-2014-2230
16Apple Mac OS X Server kevent denial of service4.03.6$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.001450.00CVE-2006-6127
17apple Mac OS X Server denial of service10.09.0$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.059390.04CVE-2006-6061
18Storytlr cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.001930.03CVE-2014-100038
19Red Hat Mobile Application Platform Logout Endpoint redirect4.64.6$5k-$25k$0-$5kNot DefinedNot Defined0.000840.00CVE-2020-1723
20Apache jUDDI Logout redirect6.26.2$5k-$25k$5k-$25kNot DefinedNot Defined0.001100.00CVE-2015-5241

IOC - Indicator of Compromise (48)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
146.30.46.38free.eurobyte.ruAngler Exploit Kit04/07/2022verifiedHigh
250.62.123.1p3nlhg674c1674.shr.prod.phx3.secureserver.netAngler Exploit Kit04/06/2022verifiedHigh
362.221.204.114v21009.2is.nlAngler Exploit Kit04/06/2022verifiedHigh
469.162.64.156156-64-162-69.static.reverse.lstn.netAngler Exploit Kit04/06/2022verifiedHigh
569.162.64.158158-64-162-69.static.reverse.lstn.netAngler Exploit Kit04/06/2022verifiedHigh
669.162.86.3636-86-162-69.static.reverse.lstn.netAngler Exploit Kit04/06/2022verifiedHigh
769.162.90.107107-90-162-69.static.reverse.lstn.netAngler Exploit Kit04/06/2022verifiedHigh
869.162.116.123123-116-162-69.static.reverse.lstn.netAngler Exploit Kit04/06/2022verifiedHigh
969.162.116.125125-116-162-69.static.reverse.lstn.netAngler Exploit Kit04/06/2022verifiedHigh
1075.103.83.9Angler Exploit Kit04/06/2022verifiedHigh
11XX.XX.XXX.XXXxxxxxx.xxx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx Xxxxxxx Xxx04/07/2022verifiedHigh
12XX.XX.XXX.XXXxxxxxxxxxxxxxxxxx.xxxx.xxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
13XX.XX.XX.XXXxxxxx Xxxxxxx Xxx04/07/2022verifiedHigh
14XX.XX.XXX.XXXxxxxxx-xx-xx-xx-xxx-xxx.xxxxxx.xx-xxxx.xxxXxxxxx Xxxxxxx Xxx04/07/2022verifiedHigh
15XX.XX.XXX.XXXxxxxxx-xx-xx-xx-xxx-xxx.xxxxxx.xx-xxxx.xxxXxxxxx Xxxxxxx Xxx04/07/2022verifiedHigh
16XX.XX.X.XXXxxxxx Xxxxxxx Xxx04/07/2022verifiedHigh
17XX.XXX.XX.XXXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
18XX.XXX.XX.XXXxxxxx Xxxxxxx Xxx04/07/2022verifiedHigh
19XX.XXX.XXX.XXXxx-xxxxxx-xx-xxx-xxx-xxx.xxxxxx.xxXxxxxx Xxxxxxx Xxx04/07/2022verifiedHigh
20XX.XXX.XXX.XXXxxxxxxxxxxxx.xxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
21XX.XXX.X.XXXXxxxxx Xxxxxxx Xxx04/14/2022verifiedHigh
22XXX.XXX.XXX.XXxxxxxx.xx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
23XXX.XXX.XXX.XXxxxxxx.xx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
24XXX.XXX.XXX.XXXxxxxxx.xxx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
25XXX.XXX.XXX.XXXxxxxx Xxxxxxx Xxx04/07/2022verifiedHigh
26XXX.X.XXX.XXXxxxxxx.xxx.xxx.x.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
27XXX.X.XXX.XXXxxxxxx.xxx.xxx.x.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
28XXX.X.XXX.XXXxxxxxx.xxx.xxx.x.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
29XXX.XX.XXX.XXXxxxxxxxxx.xxxxxxxxxxx.xxXxxxxx Xxxxxxx Xxx04/07/2022verifiedHigh
30XXX.XX.XXX.XXXxxxxx.xx-xxx-xx-xxx.xxXxxxxx Xxxxxxx Xxx04/07/2022verifiedHigh
31XXX.XXX.XX.XXXxxxxxxxx-xxxx.xxxxxxxxxxxx.xxxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
32XXX.XX.XXX.XXXxxx.xxxxxxx.xxxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
33XXX.XX.XXX.XXXxxx.xxxxxxx.xxxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
34XXX.XX.XXX.XXXxxx.xxxxxxx.xxxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
35XXX.XX.XX.XXXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
36XXX.XXX.XX.XXXxxxxx Xxxxxxx Xxx04/07/2022verifiedHigh
37XXX.XXX.XX.XXXXxxxxx Xxxxxxx Xxx04/07/2022verifiedHigh
38XXX.X.XXX.XXxxxxx Xxxxxxx Xxx04/07/2022verifiedHigh
39XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxx.xxxxxxxx.xxxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
40XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxx.xxxxxxxx.xxxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
41XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xxxxxx.xxxXxxxxx Xxxxxxx Xxx04/07/2022verifiedHigh
42XXX.XXX.XX.XXXxxxxx Xxxxxxx Xxx04/07/2022verifiedHigh
43XXX.XXX.XXX.XXXxxxxx Xxxxxxx Xxx04/07/2022verifiedHigh
44XXX.XXX.XX.XXxxxxxxxxxx.xxx.xxxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
45XXX.XXX.XXX.Xx-xxx-xxx-xxx.xxxxxx.xxxxxxx.xxxx.xxxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
46XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxxxx.xxxxxxx.xxxx.xxxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
47XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxxxx.xxxxxxx.xxxx.xxxXxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
48XXX.XX.X.XXXxxx-xx-x-xxx.xxxxxx-xx-xxxxxxxxxxx.xxxXxxxxx Xxxxxxx Xxx04/07/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (125)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/index.phppredictiveHigh
2File/analysisProject/pagingQueryDatapredictiveHigh
3File/api/baskets/{name}predictiveHigh
4File/cgi-bin/nas_sharing.cgipredictiveHigh
5File/downloadpredictiveMedium
6File/find_v2/_clickpredictiveHigh
7File/forum/away.phppredictiveHigh
8File/hardwarepredictiveMedium
9File/horde/util/go.phppredictiveHigh
10File/modules/profile/index.phppredictiveHigh
11File/oauth/logout?redirect=urlpredictiveHigh
12File/out.phppredictiveMedium
13File/redirect?urlpredictiveHigh
14File/replicationpredictiveMedium
15Fileadclick.phppredictiveMedium
16Fileadd2.phppredictiveMedium
17Fileadmin.jcomments.phppredictiveHigh
18Fileadmin/admin_users.phppredictiveHigh
19Fileadmin/changedata.phppredictiveHigh
20Filexxxxx/xxxx_xxxxx_xxxx.xxxpredictiveHigh
21Filexxxxx/xxxxx.xxxpredictiveHigh
22Filexxxxx_xxxxxx_xxxxxx_xxxxxxx.xxxpredictiveHigh
23Filexxxxx_xxxxxx.xxxpredictiveHigh
24Filex:\xxxxxxx xxxxx\xxxxxx xxxxx\xxx\xxxxxxx.xxxpredictiveHigh
25Filex:\xxxxxxx xxxxx\xxxxx xxx\xxxxxx\xxxx.xxxpredictiveHigh
26Filexxxxx_xxxx.xpredictiveMedium
27Filexxxxx/xxxxxxxxxxxxxx/xxxxxxxxxxx.xxxpredictiveHigh
28Filexxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/predictiveHigh
29Filexxxxxxxxx.xxxpredictiveHigh
30Filexxxxx.xxxpredictiveMedium
31Filexx/xxxxx/xxxxxx_xxxxx.xxxpredictiveHigh
32Filexxxx.xxxpredictiveMedium
33Filexx/xxxxx/xxxxxxx.xpredictiveHigh
34Filexx.xxxpredictiveLow
35Filexxxx.xxxpredictiveMedium
36Filexxxxxxxxx.xxxpredictiveHigh
37Filexxxxxxxx/xxxxx/xxxxxxxx.xxxpredictiveHigh
38Filexxxxx.xxxxpredictiveMedium
39Filexxxxx.xxxpredictiveMedium
40Filexxx_xxx.xxxpredictiveMedium
41Filexxxxxxx/xxx.xxxpredictiveHigh
42Filexxx/xxxxx.xxxxpredictiveHigh
43Filexxxx.xxxpredictiveMedium
44Filexxxxxxx.xxpredictiveMedium
45Filexxxxxxxx.xxxpredictiveMedium
46Filexxxx.xxxpredictiveMedium
47Filexxxxx.xxxpredictiveMedium
48Filexxxxx.xxxpredictiveMedium
49Filexxxxxxxx.xxpredictiveMedium
50Filexxxxxxxx.xxxpredictiveMedium
51Filexxxxxxxxxx.xxxpredictiveHigh
52Filexxxx/xxxxxxpredictiveMedium
53Filexxxxxx_xxxx.xxxpredictiveHigh
54Filexxxxxx/xxxxx.xxxpredictiveHigh
55Filexxxx_xxxx_xxxxpredictiveHigh
56Filexxxxxx.xxxpredictiveMedium
57Filexxxx.xxxpredictiveMedium
58Filexxxxxx.xxxxpredictiveMedium
59Filexxxxxxx/xxxxxx.xxxpredictiveHigh
60Filexxxx-xxxx_xxxx_xxxxxxx.xxxpredictiveHigh
61Filexxxx-xxxxxxxx.xxxpredictiveHigh
62Filexx.xxxpredictiveLow
63Filexxx.xxxpredictiveLow
64Filexxxx/xxx/xxxx-xxxxx.xxxpredictiveHigh
65Filexxxxxx/xx/xxxx.xxxpredictiveHigh
66Filexxxxxxx.xxxpredictiveMedium
67Filexx-xxxxxxxx/xxxxxxx-xxxxxxxx.xxxpredictiveHigh
68Filexxxx.xxpredictiveLow
69File__xxxx_xxxxxxxx.xxxpredictiveHigh
70Libraryxxxxxxx/xxx/xxxxxx.xxx.xxxpredictiveHigh
71Libraryxxxxxx.xxxpredictiveMedium
72Libraryxxxxxxxxx.xxxpredictiveHigh
73Libraryxxxxxx.xxxpredictiveMedium
74ArgumentxxxxxpredictiveLow
75ArgumentxxxxxxxxpredictiveMedium
76ArgumentxxxxxpredictiveLow
77ArgumentxxxpredictiveLow
78Argumentxxxxxx[xxxx]predictiveMedium
79Argumentxxxxxxxxx[x]predictiveMedium
80ArgumentxxxxpredictiveLow
81Argumentxx_xxpredictiveLow
82ArgumentxxxxpredictiveLow
83ArgumentxxxxxxxxxpredictiveMedium
84ArgumentxxpredictiveLow
85Argumentxx=xxxxxx)predictiveMedium
86ArgumentxxxxpredictiveLow
87ArgumentxxpredictiveLow
88ArgumentxxxxxxxpredictiveLow
89Argumentxxxxx[xxxxx][xx]predictiveHigh
90ArgumentxxxxxxxxpredictiveMedium
91Argumentxxxx_xxxxpredictiveMedium
92ArgumentxxxxpredictiveLow
93ArgumentxxxxxxpredictiveLow
94Argumentxxxxxxxxx/xxxxxxxxxpredictiveHigh
95ArgumentxxxxpredictiveLow
96Argumentxxxx/xxxxx/xxxxxxxpredictiveHigh
97ArgumentxxxxxxxxxxpredictiveMedium
98ArgumentxxxxxxpredictiveLow
99ArgumentxxxxpredictiveLow
100ArgumentxxxxpredictiveLow
101ArgumentxxxxxxxxpredictiveMedium
102ArgumentxxxxpredictiveLow
103ArgumentxxxxxxxxpredictiveMedium
104Argumentxxxx_xxxxpredictiveMedium
105Argumentxxxxx_xxxx_xxxxpredictiveHigh
106ArgumentxxxxxxxxxxpredictiveMedium
107ArgumentxxxxxxxxxxxxxpredictiveHigh
108ArgumentxxxxxxxxpredictiveMedium
109ArgumentxxxxxxxxxpredictiveMedium
110ArgumentxxxxxxpredictiveLow
111ArgumentxxxxxxxpredictiveLow
112Argumentxxxxxxxx_xxxxxpredictiveHigh
113ArgumentxxxxxxpredictiveLow
114ArgumentxxxxxxpredictiveLow
115ArgumentxxxpredictiveLow
116Argumentxxxxxxxx-xxxxxxxxpredictiveHigh
117ArgumentxxxxpredictiveLow
118ArgumentxxxpredictiveLow
119ArgumentxxxpredictiveLow
120Argument_xxxx[_xxx_xxxx_xxxx]predictiveHigh
121Argument_xxx_xxxxxxx_xxxxxxx_xxxxxxxxxxxxx_xxx_xxx_xxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxpredictiveHigh
122Argument_x_xxxxxxxxpredictiveMedium
123Input Valuexxxx://xxx.%xxxxxx-xxx%.xxxxx/xxxxxxxx-xxxxxx-xxx?%xxxxxx-xxx%.predictiveHigh
124Input Value….//predictiveLow
125Pattern|xx xx xx xx|predictiveHigh

References (9)

The following list contains external sources which discuss the actor and the associated activities:

Want to stay up to date on a daily basis?

Enable the mail alert feature now!