Trusted Design

Angler EK: More Obfuscation, Fake Extensions, and Other Nonsense

概要

Late last week Talos researchers noticed a drastic uptick in Angler Exploit Kit activity. We have covered Angler previously, such as the discussion of domain shadowing. This exploit kit evolves on an almost constant basis. However, the recent activity caught our attention due to a change to the URL structure of the landing pages. This type of change doesn’t occur often and was coupled with some other interesting tidbits including how the HTTP 302 cushioning has evolved and the payload of another ransomware has changed.

Created: 2026-02-23

Indicators

類似Pulses

Another example of Angler exploit kit pushing CryptoWall 3.0 (score: 0.78)
Chinese Government Website Compromised, Leads to Angler (score: 0.75)
Alienvault Labs: Malvertising leading to the Angler Exploit Kit (score: 0.74)
Large Malvertising Campaign Leads to Angler EK & Bunitu Malware (score: 0.72)
Angler EK delivers Alpha Crypt Ransomware (score: 0.71)

このPulseに関連する脅威アクター (事実ベース)

Volt Typhoon

Score: 11.26

Matched TTPs:

T1592 - Gather Victim Host Information
T1596.005 - Scan Databases
T1124 - System Time Discovery

MITREへのリンク →

Ember Bear

Score: 16.48

Matched TTPs:

T1491.002 - External Defacement
T1595.002 - Vulnerability Scanning
T1203 - Exploitation for Client Execution
T1595.001 - Scanning IP Blocks
T1588.005 - Exploits

MITREへのリンク →

Sandworm Team

Score: 12.54

Matched TTPs:

T1491.002 - External Defacement
T1598.003 - Spearphishing Link
T1595.002 - Vulnerability Scanning
T1203 - Exploitation for Client Execution
T1027.010 - Command Obfuscation

MITREへのリンク →

Kimsuky

Score: 17.88

Matched TTPs:

T1036.007 - Double File Extension
T1598.003 - Spearphishing Link
T1583.006 - Web Services
T1027.010 - Command Obfuscation
T1588.005 - Exploits
T1584.001 - Domains

MITREへのリンク →

Mustang Panda

Score: 14.23

Matched TTPs:

T1036.007 - Double File Extension
T1598.003 - Spearphishing Link
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Sidewinder

Score: 8.41

Matched TTPs:

T1598.003 - Spearphishing Link
T1203 - Exploitation for Client Execution
T1027.010 - Command Obfuscation
T1124 - System Time Discovery

MITREへのリンク →

ZIRCONIUM

Score: 7.06

Matched TTPs:

T1598.003 - Spearphishing Link
T1583.006 - Web Services
T1124 - System Time Discovery

MITREへのリンク →

APT32

Score: 12.63

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.004 - Drive-by Target
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1027.010 - Command Obfuscation
T1189 - Drive-by Compromise

MITREへのリンク →

Magic Hound

Score: 13.98

Matched TTPs:

T1598.003 - Spearphishing Link
T1595.002 - Vulnerability Scanning
T1583.006 - Web Services
T1027.010 - Command Obfuscation
T1189 - Drive-by Compromise
T1584.001 - Domains

MITREへのリンク →

APT28

Score: 10.32

Matched TTPs:

T1598.003 - Spearphishing Link
T1595.002 - Vulnerability Scanning
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

CURIUM

Score: 9.85

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.004 - Drive-by Target
T1189 - Drive-by Compromise
T1124 - System Time Discovery

MITREへのリンク →

Dragonfly

Score: 11.34

Matched TTPs:

T1598.003 - Spearphishing Link
T1608.004 - Drive-by Target
T1595.002 - Vulnerability Scanning
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Patchwork

Score: 11.02

Matched TTPs:

T1598.003 - Spearphishing Link
T1203 - Exploitation for Client Execution
T1197 - BITS Jobs
T1027.010 - Command Obfuscation
T1189 - Drive-by Compromise

MITREへのリンク →

Transparent Tribe

Score: 9.58

Matched TTPs:

T1608.004 - Drive-by Target
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.001 - Domains

MITREへのリンク →

LuminousMoth

Score: 3.03

Matched TTPs:

T1608.004 - Drive-by Target

MITREへのリンク →

FIN7

Score: 9.50

Matched TTPs:

T1608.004 - Drive-by Target
T1583.006 - Web Services
T1027.010 - Command Obfuscation
T1124 - System Time Discovery

MITREへのリンク →

Threat Group-3390

Score: 6.29

Matched TTPs:

T1608.004 - Drive-by Target
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Mustard Tempest

Score: 12.62

Matched TTPs:

T1608.004 - Drive-by Target
T1189 - Drive-by Compromise
T1608.006 - SEO Poisoning
T1584.001 - Domains

MITREへのリンク →

Volatile Cedar

Score: 6.72

Matched TTPs:

T1595.002 - Vulnerability Scanning
T1595.003 - Wordlist Scanning

MITREへのリンク →

Leviathan

Score: 9.29

Matched TTPs:

T1595.002 - Vulnerability Scanning
T1203 - Exploitation for Client Execution
T1197 - BITS Jobs
T1189 - Drive-by Compromise

MITREへのリンク →

APT41

Score: 15.79

Matched TTPs:

T1595.002 - Vulnerability Scanning
T1203 - Exploitation for Client Execution
T1595.003 - Wordlist Scanning
T1197 - BITS Jobs
T1596.005 - Scan Databases

MITREへのリンク →

TeamTNT

Score: 6.72

Matched TTPs:

T1595.002 - Vulnerability Scanning
T1595.001 - Scanning IP Blocks

MITREへのリンク →

APT29

Score: 10.64

Matched TTPs:

T1595.002 - Vulnerability Scanning
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1090.004 - Domain Fronting

MITREへのリンク →

Winter Vivern

Score: 8.90

Matched TTPs:

T1595.002 - Vulnerability Scanning
T1056.003 - Web Portal Capture
T1189 - Drive-by Compromise

MITREへのリンク →

Aquatic Panda

Score: 4.46

Matched TTPs:

T1595.002 - Vulnerability Scanning
T1027.010 - Command Obfuscation

MITREへのリンク →

Earth Lusca

Score: 6.37

Matched TTPs:

T1595.002 - Vulnerability Scanning
T1583.006 - Web Services
T1189 - Drive-by Compromise

MITREへのリンク →

HAFNIUM

Score: 6.55

Matched TTPs:

T1592.004 - Client Configurations
T1583.006 - Web Services

MITREへのリンク →

Contagious Interview

Score: 3.88

Matched TTPs:

T1583.006 - Web Services
T1027.010 - Command Obfuscation

MITREへのリンク →

Medusa Group

Score: 3.88

Matched TTPs:

T1583.006 - Web Services
T1027.010 - Command Obfuscation

MITREへのリンク →

Turla

Score: 8.23

Matched TTPs:

T1583.006 - Web Services
T1027.010 - Command Obfuscation
T1189 - Drive-by Compromise
T1124 - System Time Discovery

MITREへのリンク →

MuddyWater

Score: 5.37

Matched TTPs:

T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1027.010 - Command Obfuscation

MITREへのリンク →

Lazarus Group

Score: 12.00

Matched TTPs:

T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1027.007 - Dynamic API Resolution
T1124 - System Time Discovery

MITREへのリンク →

Confucius

Score: 3.51

Matched TTPs:

T1583.006 - Web Services
T1203 - Exploitation for Client Execution

MITREへのリンク →

Gamaredon Group

Score: 8.41

Matched TTPs:

T1583.006 - Web Services
T1001 - Data Obfuscation
T1027.010 - Command Obfuscation

MITREへのリンク →

Saint Bear

Score: 3.51

Matched TTPs:

T1583.006 - Web Services
T1203 - Exploitation for Client Execution

MITREへのリンク →

LazyScripter

Score: 3.88

Matched TTPs:

T1583.006 - Web Services
T1027.010 - Command Obfuscation

MITREへのリンク →

Andariel

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

The White Company

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

Axiom

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Higaisa

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

Cobalt Group

Score: 3.36

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.010 - Command Obfuscation

MITREへのリンク →

APT37

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

UNC3886

Score: 4.09

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery

MITREへのリンク →

BRONZE BUTLER

Score: 5.85

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1124 - System Time Discovery

MITREへのリンク →

Elderwood

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Darkhotel

Score: 5.85

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1124 - System Time Discovery

MITREへのリンク →

OilRig

Score: 6.03

Matched TTPs:

T1203 - Exploitation for Client Execution
T1137.004 - Outlook Home Page

MITREへのリンク →

APT39

Score: 3.44

Matched TTPs:

T1197 - BITS Jobs

MITREへのリンク →

Wizard Spider

Score: 5.30

Matched TTPs:

T1197 - BITS Jobs
T1027.010 - Command Obfuscation

MITREへのリンク →

Leafminer

Score: 3.63

Matched TTPs:

T1027.010 - Command Obfuscation
T1189 - Drive-by Compromise

MITREへのリンク →

Chimera

Score: 4.46

Matched TTPs:

T1027.010 - Command Obfuscation
T1124 - System Time Discovery

MITREへのリンク →

APT19

Score: 3.63

Matched TTPs:

T1027.010 - Command Obfuscation
T1189 - Drive-by Compromise

MITREへのリンク →

SideCopy

Score: 3.29

Matched TTPs:

T1584.001 - Domains

MITREへのリンク →

APT1

Score: 3.29

Matched TTPs:

T1584.001 - Domains

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.78

Matched TTPs:

T1036.007 - Double File Extension
T1588.005 - Exploits
T1027.010 - Command Obfuscation
T1584.001 - Domains
T1583.006 - Web Services
T1598.003 - Spearphishing Link

MITREへのリンク →

APT41

Score: 0.74

Matched TTPs:

T1203 - Exploitation for Client Execution
T1595.003 - Wordlist Scanning
T1596.005 - Scan Databases
T1197 - BITS Jobs
T1595.002 - Vulnerability Scanning

MITREへのリンク →

Ember Bear

Score: 0.71

Matched TTPs:

T1203 - Exploitation for Client Execution
T1595.001 - Scanning IP Blocks
T1491.002 - External Defacement
T1588.005 - Exploits
T1595.002 - Vulnerability Scanning

MITREへのリンク →

Mustang Panda

Score: 0.64

Matched TTPs:

T1203 - Exploitation for Client Execution
T1036.007 - Double File Extension
T1583.006 - Web Services
T1598.003 - Spearphishing Link
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Magic Hound

Score: 0.64

Matched TTPs:

T1027.010 - Command Obfuscation
T1584.001 - Domains
T1583.006 - Web Services
T1595.002 - Vulnerability Scanning
T1189 - Drive-by Compromise
T1598.003 - Spearphishing Link

MITREへのリンク →

Mustard Tempest

Score: 0.63

Matched TTPs:

T1584.001 - Domains
T1189 - Drive-by Compromise
T1608.004 - Drive-by Target
T1608.006 - SEO Poisoning

MITREへのリンク →

APT32

Score: 0.62

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.010 - Command Obfuscation
T1598.003 - Spearphishing Link
T1608.004 - Drive-by Target
T1189 - Drive-by Compromise
T1583.006 - Web Services

MITREへのリンク →

Sandworm Team

Score: 0.60

Matched TTPs:

T1203 - Exploitation for Client Execution
T1491.002 - External Defacement
T1027.010 - Command Obfuscation
T1595.002 - Vulnerability Scanning
T1598.003 - Spearphishing Link

MITREへのリンク →

Lazarus Group

Score: 0.57

Matched TTPs:

T1203 - Exploitation for Client Execution
T1124 - System Time Discovery
T1189 - Drive-by Compromise
T1583.006 - Web Services
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る