Angler Exploit Kit Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 802
es: 54
de: 36
ar: 34
fr: 18


Country

es: 52
nl: 46
de: 36
ar: 34
fr: 18


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Apple Mac OS X Server: 42
Microsoft Windows: 16
Pligg CMS: 6
YaBB: 4
Tiki Wiki CMS Groupware: 4


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Bitrix Site Manager redirect.php link following | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.08 | 0.01055 | CVE-2008-2052
2 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.51 | 0.00000 |
3 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00000 |
4 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.19 | 0.00986 | CVE-2005-1612
5 | EyouCms Logout redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2021-39501
6 | phpMyAdmin Redirect url.php 7pk security | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01408 | CVE-2015-7873
7 | Xoops URL Filter index.php redirect | 6.6 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2017-12138
8 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01319 | CVE-2009-2814
9 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.04187 | CVE-2011-0643
10 | JBoss KeyCloak Login/Logout redirect | 6.6 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01018 | CVE-2018-14658
11 | Apple Mac OS X Server LaunchServices memory corruption | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.03477 | CVE-2004-0538
12 | Apple Mac OS X Server Profile Manager cross site scripting | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01955 | CVE-2013-1855
13 | PHP Link Directory page.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.00986 | CVE-2008-6851
14 | OpenX adclick.php redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.11 | 0.01213 | CVE-2014-2230
15 | Storytlr cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.01136 | CVE-2014-100038
16 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.00986 | CVE-2008-0507
17 | Apple Mac OS X Server kevent denial of service | 4.0 | 3.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.01282 | CVE-2006-6127
18 | Apple Mac OS X Server denial of service | 10.0 | 9.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.06154 | CVE-2006-6061
19 | Red Hat Mobile Application Platform Logout Endpoint redirect | 4.6 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2020-1723
20 | Apache jUDDI Logout redirect | 6.2 | 6.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2015-5241

IOC - Indicator of Compromise (49)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 46.30.46.38 | free.eurobyte.ru | Angler Exploit Kit | | verified | High
2 | 50.62.123.1 | p3nlhg674c1674.shr.prod.phx3.secureserver.net | Angler Exploit Kit | | verified | High
3 | 62.221.204.114 | v21009.2is.nl | Angler Exploit Kit | | verified | High
4 | 69.162.64.156 | 156-64-162-69.static.reverse.lstn.net | Angler Exploit Kit | | verified | High
5 | 69.162.64.158 | 158-64-162-69.static.reverse.lstn.net | Angler Exploit Kit | | verified | High
6 | 69.162.86.36 | 36-86-162-69.static.reverse.lstn.net | Angler Exploit Kit | | verified | High
7 | 69.162.90.107 | 107-90-162-69.static.reverse.lstn.net | Angler Exploit Kit | | verified | High
8 | 69.162.116.123 | 123-116-162-69.static.reverse.lstn.net | Angler Exploit Kit | | verified | High
9 | 69.162.116.125 | 125-116-162-69.static.reverse.lstn.net | Angler Exploit Kit | | verified | High
10 | 75.103.83.9 | | Angler Exploit Kit | | verified | High

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (114)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/index.php | predictive | High
2 | File | /download | predictive | Medium
3 | File | /find_v2/_click | predictive | High
4 | File | /forum/away.php | predictive | High
5 | File | /hardware | predictive | Medium
6 | File | /horde/util/go.php | predictive | High
7 | File | /modules/profile/index.php | predictive | High
8 | File | /oauth/logout?redirect=url | predictive | High
9 | File | /out.php | predictive | Medium
10 | File | /redirect?url | predictive | High
11 | File | /replication | predictive | Medium
12 | File | /setup/finish | predictive | High
13 | File | adclick.php | predictive | Medium
14 | File | add2.php | predictive | Medium
15 | File | admin.jcomments.php | predictive | High
16 | File | admin/admin_users.php | predictive | High
17 | File | admin/changedata.php | predictive | High
18 | File | admin/conf_users_edit.php | predictive | High

References (9)

The following list contains external sources which discuss the actor and the associated activities:
