Trusted Design

Angler EK: More Obfuscation, Fake Extensions, and Other Nonsense

概要

Late last week Talos researchers noticed a drastic uptick in Angler Exploit Kit activity. We have covered Angler previously, such as the discussion of domain shadowing. This exploit kit evolves on an almost constant basis. However, the recent activity caught our attention due to a change to the URL structure of the landing pages. This type of change doesn’t occur often and was coupled with some other interesting tidbits including how the HTTP 302 cushioning has evolved and the payload of another ransomware has changed.

Created: 2026-02-23

Indicators

類似Pulses

Another example of Angler exploit kit pushing CryptoWall 3.0 (score: 0.78)
Chinese Government Website Compromised, Leads to Angler (score: 0.75)
Alienvault Labs: Malvertising leading to the Angler Exploit Kit (score: 0.74)
Large Malvertising Campaign Leads to Angler EK & Bunitu Malware (score: 0.72)
Angler EK delivers Alpha Crypt Ransomware (score: 0.71)

このPulseに関連する脅威アクター (事実ベース)

Volt Typhoon

Score: 11.26

Matched TTPs:

T1148 - HISTCONTROL
T1574.002 - DLL Side-Loading
T1578.001 - Create Snapshot

MITREへのリンク →

Ember Bear

Score: 16.48

Matched TTPs:

T1564.008 - Email Hiding Rules
T1562.004 - Disable or Modify System Firewall
T1218.010 - Regsvr32
T1519 - Emond
T1003.003 - NTDS

MITREへのリンク →

Sandworm Team

Score: 12.54

Matched TTPs:

T1564.008 - Email Hiding Rules
T1566.002 - Spearphishing Link
T1562.004 - Disable or Modify System Firewall
T1218.010 - Regsvr32
T1601.001 - Patch System Image

MITREへのリンク →

Kimsuky

Score: 17.88

Matched TTPs:

T1053.007 - Container Orchestration Job
T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1601.001 - Patch System Image
T1003.003 - NTDS
T1053.002 - At

MITREへのリンク →

Mustang Panda

Score: 14.23

Matched TTPs:

T1053.007 - Container Orchestration Job
T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage

MITREへのリンク →

Sidewinder

Score: 8.41

Matched TTPs:

T1566.002 - Spearphishing Link
T1218.010 - Regsvr32
T1601.001 - Patch System Image
T1578.001 - Create Snapshot

MITREへのリンク →

ZIRCONIUM

Score: 7.06

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1578.001 - Create Snapshot

MITREへのリンク →

APT32

Score: 12.63

Matched TTPs:

T1566.002 - Spearphishing Link
T1115 - Clipboard Data
T1608.005 - Link Target
T1218.010 - Regsvr32
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI

MITREへのリンク →

Magic Hound

Score: 13.98

Matched TTPs:

T1566.002 - Spearphishing Link
T1562.004 - Disable or Modify System Firewall
T1608.005 - Link Target
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI
T1053.002 - At

MITREへのリンク →

APT28

Score: 10.32

Matched TTPs:

T1566.002 - Spearphishing Link
T1562.004 - Disable or Modify System Firewall
T1608.005 - Link Target
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

CURIUM

Score: 9.85

Matched TTPs:

T1566.002 - Spearphishing Link
T1115 - Clipboard Data
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot

MITREへのリンク →

Dragonfly

Score: 11.34

Matched TTPs:

T1566.002 - Spearphishing Link
T1115 - Clipboard Data
T1562.004 - Disable or Modify System Firewall
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Patchwork

Score: 11.02

Matched TTPs:

T1566.002 - Spearphishing Link
T1218.010 - Regsvr32
T1001.003 - Protocol or Service Impersonation
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI

MITREへのリンク →

Transparent Tribe

Score: 9.58

Matched TTPs:

T1115 - Clipboard Data
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1053.002 - At

MITREへのリンク →

LuminousMoth

Score: 3.03

Matched TTPs:

T1115 - Clipboard Data

MITREへのリンク →

FIN7

Score: 9.50

Matched TTPs:

T1115 - Clipboard Data
T1608.005 - Link Target
T1601.001 - Patch System Image
T1578.001 - Create Snapshot

MITREへのリンク →

Threat Group-3390

Score: 6.29

Matched TTPs:

T1115 - Clipboard Data
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Mustard Tempest

Score: 12.62

Matched TTPs:

T1115 - Clipboard Data
T1059.012 - Hypervisor CLI
T1543.002 - Systemd Service
T1053.002 - At

MITREへのリンク →

Volatile Cedar

Score: 6.72

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1002 - Data Compressed

MITREへのリンク →

Leviathan

Score: 9.29

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1218.010 - Regsvr32
T1001.003 - Protocol or Service Impersonation
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT41

Score: 15.79

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1218.010 - Regsvr32
T1002 - Data Compressed
T1001.003 - Protocol or Service Impersonation
T1574.002 - DLL Side-Loading

MITREへのリンク →

TeamTNT

Score: 6.72

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1519 - Emond

MITREへのリンク →

APT29

Score: 10.64

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1608.005 - Link Target
T1218.010 - Regsvr32
T1218.009 - Regsvcs/Regasm

MITREへのリンク →

Winter Vivern

Score: 8.90

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1548 - Abuse Elevation Control Mechanism
T1059.012 - Hypervisor CLI

MITREへのリンク →

Aquatic Panda

Score: 4.46

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1601.001 - Patch System Image

MITREへのリンク →

Earth Lusca

Score: 6.37

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1608.005 - Link Target
T1059.012 - Hypervisor CLI

MITREへのリンク →

HAFNIUM

Score: 6.55

Matched TTPs:

T1059 - Command and Scripting Interpreter
T1608.005 - Link Target

MITREへのリンク →

Contagious Interview

Score: 3.88

Matched TTPs:

T1608.005 - Link Target
T1601.001 - Patch System Image

MITREへのリンク →

Medusa Group

Score: 3.88

Matched TTPs:

T1608.005 - Link Target
T1601.001 - Patch System Image

MITREへのリンク →

Turla

Score: 8.23

Matched TTPs:

T1608.005 - Link Target
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot

MITREへのリンク →

MuddyWater

Score: 5.37

Matched TTPs:

T1608.005 - Link Target
T1218.010 - Regsvr32
T1601.001 - Patch System Image

MITREへのリンク →

Lazarus Group

Score: 12.00

Matched TTPs:

T1608.005 - Link Target
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1055.005 - Thread Local Storage
T1578.001 - Create Snapshot

MITREへのリンク →

Confucius

Score: 3.51

Matched TTPs:

T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

Gamaredon Group

Score: 8.41

Matched TTPs:

T1608.005 - Link Target
T1061 - Graphical User Interface
T1601.001 - Patch System Image

MITREへのリンク →

Saint Bear

Score: 3.51

Matched TTPs:

T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

LazyScripter

Score: 3.88

Matched TTPs:

T1608.005 - Link Target
T1601.001 - Patch System Image

MITREへのリンク →

Andariel

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

The White Company

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Axiom

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Higaisa

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Cobalt Group

Score: 3.36

Matched TTPs:

T1218.010 - Regsvr32
T1601.001 - Patch System Image

MITREへのリンク →

APT37

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

UNC3886

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

BRONZE BUTLER

Score: 5.85

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot

MITREへのリンク →

Elderwood

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Darkhotel

Score: 5.85

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot

MITREへのリンク →

OilRig

Score: 6.03

Matched TTPs:

T1218.010 - Regsvr32
T1592.002 - Software

MITREへのリンク →

APT39

Score: 3.44

Matched TTPs:

T1001.003 - Protocol or Service Impersonation

MITREへのリンク →

Wizard Spider

Score: 5.30

Matched TTPs:

T1001.003 - Protocol or Service Impersonation
T1601.001 - Patch System Image

MITREへのリンク →

Leafminer

Score: 3.63

Matched TTPs:

T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI

MITREへのリンク →

Chimera

Score: 4.46

Matched TTPs:

T1601.001 - Patch System Image
T1578.001 - Create Snapshot

MITREへのリンク →

APT19

Score: 3.63

Matched TTPs:

T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI

MITREへのリンク →

SideCopy

Score: 3.29

Matched TTPs:

T1053.002 - At

MITREへのリンク →

APT1

Score: 3.29

Matched TTPs:

T1053.002 - At

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.78

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1053.007 - Container Orchestration Job
T1003.003 - NTDS
T1053.002 - At
T1601.001 - Patch System Image

MITREへのリンク →

APT41

Score: 0.74

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1002 - Data Compressed
T1218.010 - Regsvr32
T1001.003 - Protocol or Service Impersonation
T1574.002 - DLL Side-Loading

MITREへのリンク →

Ember Bear

Score: 0.71

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1519 - Emond
T1218.010 - Regsvr32
T1003.003 - NTDS
T1564.008 - Email Hiding Rules

MITREへのリンク →

Mustang Panda

Score: 0.64

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1053.007 - Container Orchestration Job
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage

MITREへのリンク →

Magic Hound

Score: 0.64

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1053.002 - At
T1059.012 - Hypervisor CLI
T1601.001 - Patch System Image

MITREへのリンク →

Mustard Tempest

Score: 0.63

Matched TTPs:

T1115 - Clipboard Data
T1059.012 - Hypervisor CLI
T1543.002 - Systemd Service
T1053.002 - At

MITREへのリンク →

APT32

Score: 0.62

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.005 - Link Target
T1115 - Clipboard Data
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1601.001 - Patch System Image

MITREへのリンク →

Sandworm Team

Score: 0.60

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1566.002 - Spearphishing Link
T1218.010 - Regsvr32
T1564.008 - Email Hiding Rules
T1601.001 - Patch System Image

MITREへのリンク →

Lazarus Group

Score: 0.57

Matched TTPs:

T1608.005 - Link Target
T1578.001 - Create Snapshot
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage
T1059.012 - Hypervisor CLI

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る