Pulse Detail-

A detailed report by Cisco on how Angler EK works

概要

Angler is an exploitation machine, continuing to compromise users at a high rate for a long time. This is due largely to how effective and innovative Angler has been. Whether it is Domain Shadowing, 302 Cushioning, Encrypted Payloads, or rapid exploit deployment, Angler has dominated 2015, as predicted in last years Annual Security Report. While conducting this research Talos was able to obtain information about hosts serving Angler. We now have a good approximation around Angler’s revenue stream. By analyzing the behavior of just one node delivering Angler as well as a server monitoring these systems, Talos can reliably say that one threat actor was responsible for up to half of the Angler activity that we’ve observed globally. This malicious network generates approximately more than $30 million annually, which we will cover in detail later.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Angler EK: More Obfuscation, Fake Extensions, and Other Nonsense (score: 0.70)
The Many Paths to Angler (score: 0.70)
Large Malvertising Campaign Leads to Angler EK & Bunitu Malware (score: 0.68)
Chinese Government Website Compromised, Leads to Angler (score: 0.66)
Alienvault Labs: Malvertising leading to the Angler Exploit Kit (score: 0.66)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 26.01

Matched TTPs:

T1583 - Acquire Infrastructure
T1560.003 - Archive via Custom Method
T1190 - Exploit Public-Facing Application
T1583.006 - Web Services
T1102.002 - Bidirectional Communication
T1027.002 - Software Packing
T1071.001 - Web Protocols
T1588.005 - Exploits
T1102.001 - Dead Drop Resolver
T1584.001 - Domains

MITREへのリンク →

Sea Turtle

Score: 5.69

Matched TTPs:

T1583 - Acquire Infrastructure
T1190 - Exploit Public-Facing Application
T1071.001 - Web Protocols

MITREへのリンク →

Ember Bear

Score: 17.28

Matched TTPs:

T1583 - Acquire Infrastructure
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1595.001 - Scanning IP Blocks
T1046 - Network Service Discovery
T1588.005 - Exploits

MITREへのリンク →

Indrik Spider

Score: 5.87

Matched TTPs:

T1583 - Acquire Infrastructure
T1584.004 - Server

MITREへのリンク →

Agrius

Score: 6.27

Matched TTPs:

T1583 - Acquire Infrastructure
T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery

MITREへのリンク →

Contagious Interview

Score: 11.52

Matched TTPs:

T1583 - Acquire Infrastructure
T1681 - Search Threat Vendor Data
T1090 - Proxy
T1583.006 - Web Services

MITREへのリンク →

Sandworm Team

Score: 16.89

Matched TTPs:

T1583 - Acquire Infrastructure
T1190 - Exploit Public-Facing Application
T1090 - Proxy
T1584.005 - Botnet
T1102.002 - Bidirectional Communication
T1071.001 - Web Protocols
T1584.004 - Server

MITREへのリンク →

Star Blizzard

Score: 3.03

Matched TTPs:

T1583 - Acquire Infrastructure

MITREへのリンク →

FIN6

Score: 7.44

Matched TTPs:

T1560.003 - Archive via Custom Method
T1102 - Web Service
T1046 - Network Service Discovery

MITREへのリンク →

CopyKittens

Score: 5.49

Matched TTPs:

T1560.003 - Archive via Custom Method
T1090 - Proxy

MITREへのリンク →

Mustang Panda

Score: 13.31

Matched TTPs:

T1560.003 - Archive via Custom Method
T1102 - Web Service
T1583.006 - Web Services
T1071.001 - Web Protocols
T1046 - Network Service Discovery
T1564.001 - Hidden Files and Directories

MITREへのリンク →

UNC3886

Score: 11.35

Matched TTPs:

T1560.003 - Archive via Custom Method
T1190 - Exploit Public-Facing Application
T1681 - Search Threat Vendor Data
T1124 - System Time Discovery

MITREへのリンク →

Lotus Blossom

Score: 7.85

Matched TTPs:

T1560.003 - Archive via Custom Method
T1046 - Network Service Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

Lazarus Group

Score: 25.16

Matched TTPs:

T1560.003 - Archive via Custom Method
T1583.006 - Web Services
T1102.002 - Bidirectional Communication
T1071.001 - Web Protocols
T1584.004 - Server
T1046 - Network Service Discovery
T1564.001 - Hidden Files and Directories
T1124 - System Time Discovery
T1090.001 - Internal Proxy
T1529 - System Shutdown/Reboot

MITREへのリンク →

HAFNIUM

Score: 23.47

Matched TTPs:

T1583.005 - Botnet
T1190 - Exploit Public-Facing Application
T1592.004 - Client Configurations
T1584.005 - Botnet
T1583.006 - Web Services
T1071.001 - Web Protocols
T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token

MITREへのリンク →

APT5

Score: 5.31

Matched TTPs:

T1583.005 - Botnet
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Ke3chang

Score: 6.50

Matched TTPs:

T1583.005 - Botnet
T1190 - Exploit Public-Facing Application
T1071.001 - Web Protocols

MITREへのリンク →

Rocke

Score: 14.95

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102 - Web Service
T1027.002 - Software Packing
T1071.001 - Web Protocols
T1046 - Network Service Discovery
T1564.001 - Hidden Files and Directories
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Threat Group-3390

Score: 9.22

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1027.002 - Software Packing
T1071.001 - Web Protocols
T1046 - Network Service Discovery

MITREへのリンク →

FIN7

Score: 13.88

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1583.006 - Web Services
T1210 - Exploitation of Remote Services
T1102.002 - Bidirectional Communication
T1564.001 - Hidden Files and Directories
T1124 - System Time Discovery

MITREへのリンク →

Volt Typhoon

Score: 31.56

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1217 - Browser Information Discovery
T1590.006 - Network Security Appliances
T1090 - Proxy
T1584.005 - Botnet
T1027.002 - Software Packing
T1584.004 - Server
T1046 - Network Service Discovery
T1596.005 - Scan Databases
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

APT28

Score: 29.13

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1583.006 - Web Services
T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1210 - Exploitation of Remote Services
T1102.002 - Bidirectional Communication
T1071.001 - Web Protocols
T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token
T1669 - Wi-Fi Networks
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

BackdoorDiplomacy

Score: 3.24

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery

MITREへのリンク →

FIN13

Score: 10.02

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1071.001 - Web Protocols
T1046 - Network Service Discovery
T1564.001 - Hidden Files and Directories
T1090.001 - Internal Proxy

MITREへのリンク →

BlackTech

Score: 3.24

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery

MITREへのリンク →

Magic Hound

Score: 14.46

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090 - Proxy
T1583.006 - Web Services
T1102.002 - Bidirectional Communication
T1071.001 - Web Protocols
T1046 - Network Service Discovery
T1584.001 - Domains

MITREへのリンク →

Medusa Group

Score: 21.19

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1583.006 - Web Services
T1650 - Acquire Access
T1027.002 - Software Packing
T1071.001 - Web Protocols
T1046 - Network Service Discovery
T1529 - System Shutdown/Reboot
T1218.014 - MMC

MITREへのリンク →

Storm-0501

Score: 3.52

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1027.002 - Software Packing

MITREへのリンク →

Fox Kitten

Score: 14.13

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1217 - Browser Information Discovery
T1090 - Proxy
T1102 - Web Service
T1210 - Exploitation of Remote Services
T1046 - Network Service Discovery

MITREへのリンク →

Cinnamon Tempest

Score: 3.81

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090 - Proxy

MITREへのリンク →

BlackByte

Score: 4.42

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1071.001 - Web Protocols
T1046 - Network Service Discovery

MITREへのリンク →

menuPass

Score: 5.98

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1046 - Network Service Discovery

MITREへのリンク →

Blue Mockingbird

Score: 3.81

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090 - Proxy

MITREへのリンク →

GALLIUM

Score: 3.52

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1027.002 - Software Packing

MITREへのリンク →

Winter Vivern

Score: 6.28

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.006 - Web Services
T1071.001 - Web Protocols

MITREへのリンク →

Earth Lusca

Score: 15.02

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090 - Proxy
T1583.006 - Web Services
T1210 - Exploitation of Remote Services
T1584.006 - Web Services
T1584.004 - Server

MITREへのリンク →

APT29

Score: 10.07

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1583.006 - Web Services
T1090.004 - Domain Fronting
T1027.002 - Software Packing

MITREへのリンク →

Leviathan

Score: 8.44

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102.003 - One-Way Communication
T1584.004 - Server

MITREへのリンク →

INC Ransom

Score: 3.24

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1046 - Network Service Discovery

MITREへのリンク →

Dragonfly

Score: 7.05

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1584.004 - Server

MITREへのリンク →

Axiom

Score: 5.09

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1584.005 - Botnet

MITREへのリンク →

APT41

Score: 16.23

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1090 - Proxy
T1027.002 - Software Packing
T1071.001 - Web Protocols
T1046 - Network Service Discovery
T1596.005 - Scan Databases
T1102.001 - Dead Drop Resolver

MITREへのリンク →

MuddyWater

Score: 9.81

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1583.006 - Web Services
T1210 - Exploitation of Remote Services
T1102.002 - Bidirectional Communication
T1071.001 - Web Protocols

MITREへのリンク →

APT39

Score: 11.80

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1027.002 - Software Packing
T1071.001 - Web Protocols
T1046 - Network Service Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

MoustachedBouncer

Score: 8.93

Matched TTPs:

T1659 - Content Injection
T1090 - Proxy
T1027.002 - Software Packing

MITREへのリンク →

TeamTNT

Score: 16.20

Matched TTPs:

T1610 - Deploy Container
T1102 - Web Service
T1595.001 - Scanning IP Blocks
T1027.002 - Software Packing
T1071.001 - Web Protocols
T1046 - Network Service Discovery

MITREへのリンク →

APT38

Score: 14.69

Matched TTPs:

T1217 - Browser Information Discovery
T1027.002 - Software Packing
T1071.001 - Web Protocols
T1036.006 - Space after Filename
T1529 - System Shutdown/Reboot

MITREへのリンク →

Scattered Spider

Score: 5.63

Matched TTPs:

T1217 - Browser Information Discovery
T1090 - Proxy

MITREへのリンク →

Moonstone Sleet

Score: 4.47

Matched TTPs:

T1217 - Browser Information Discovery
T1071.001 - Web Protocols

MITREへのリンク →

Chimera

Score: 8.83

Matched TTPs:

T1217 - Browser Information Discovery
T1071.001 - Web Protocols
T1046 - Network Service Discovery
T1124 - System Time Discovery

MITREへのリンク →

Turla

Score: 22.44

Matched TTPs:

T1090 - Proxy
T1102 - Web Service
T1583.006 - Web Services
T1584.006 - Web Services
T1102.002 - Bidirectional Communication
T1071.001 - Web Protocols
T1584.004 - Server
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

POLONIUM

Score: 6.75

Matched TTPs:

T1090 - Proxy
T1583.006 - Web Services
T1102.002 - Bidirectional Communication

MITREへのリンク →

Gamaredon Group

Score: 19.13

Matched TTPs:

T1090 - Proxy
T1102 - Web Service
T1583.006 - Web Services
T1102.003 - One-Way Communication
T1001 - Data Obfuscation
T1102.002 - Bidirectional Communication
T1071.001 - Web Protocols

MITREへのリンク →

RedCurl

Score: 8.14

Matched TTPs:

T1102 - Web Service
T1071.001 - Web Protocols
T1046 - Network Service Discovery
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Inception

Score: 3.71

Matched TTPs:

T1102 - Web Service
T1071.001 - Web Protocols

MITREへのリンク →

LazyScripter

Score: 4.54

Matched TTPs:

T1102 - Web Service
T1583.006 - Web Services

MITREへのリンク →

FIN8

Score: 3.71

Matched TTPs:

T1102 - Web Service
T1071.001 - Web Protocols

MITREへのリンク →

APT42

Score: 3.71

Matched TTPs:

T1102 - Web Service
T1071.001 - Web Protocols

MITREへのリンク →

APT32

Score: 10.15

Matched TTPs:

T1102 - Web Service
T1583.006 - Web Services
T1071.001 - Web Protocols
T1046 - Network Service Discovery
T1564.001 - Hidden Files and Directories

MITREへのリンク →

ZIRCONIUM

Score: 9.06

Matched TTPs:

T1583.006 - Web Services
T1102.002 - Bidirectional Communication
T1027.002 - Software Packing
T1124 - System Time Discovery

MITREへのリンク →

Confucius

Score: 3.20

Matched TTPs:

T1583.006 - Web Services
T1071.001 - Web Protocols

MITREへのリンク →

Saint Bear

Score: 4.07

Matched TTPs:

T1583.006 - Web Services
T1027.002 - Software Packing

MITREへのリンク →

TA2541

Score: 4.07

Matched TTPs:

T1583.006 - Web Services
T1027.002 - Software Packing

MITREへのリンク →

CURIUM

Score: 10.06

Matched TTPs:

T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1584.006 - Web Services
T1124 - System Time Discovery

MITREへのリンク →

Storm-1811

Score: 3.84

Matched TTPs:

T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol

MITREへのリンク →

Wizard Spider

Score: 3.93

Matched TTPs:

T1210 - Exploitation of Remote Services
T1071.001 - Web Protocols

MITREへのリンク →

APT37

Score: 7.21

Matched TTPs:

T1102.002 - Bidirectional Communication
T1071.001 - Web Protocols
T1529 - System Shutdown/Reboot

MITREへのリンク →

The White Company

Score: 4.65

Matched TTPs:

T1027.002 - Software Packing
T1124 - System Time Discovery

MITREへのリンク →

Dark Caracal

Score: 3.24

Matched TTPs:

T1027.002 - Software Packing
T1071.001 - Web Protocols

MITREへのリンク →

TA505

Score: 3.24

Matched TTPs:

T1027.002 - Software Packing
T1071.001 - Web Protocols

MITREへのリンク →

Patchwork

Score: 5.34

Matched TTPs:

T1027.002 - Software Packing
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Daggerfly

Score: 4.02

Matched TTPs:

T1071.001 - Web Protocols
T1584.004 - Server

MITREへのリンク →

Tropic Trooper

Score: 5.62

Matched TTPs:

T1071.001 - Web Protocols
T1046 - Network Service Discovery
T1564.001 - Hidden Files and Directories

MITREへのリンク →

LuminousMoth

Score: 3.85

Matched TTPs:

T1071.001 - Web Protocols
T1564.001 - Hidden Files and Directories

MITREへのリンク →

BRONZE BUTLER

Score: 7.07

Matched TTPs:

T1071.001 - Web Protocols
T1124 - System Time Discovery
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Sidewinder

Score: 3.78

Matched TTPs:

T1071.001 - Web Protocols
T1124 - System Time Discovery

MITREへのリンク →

Higaisa

Score: 6.71

Matched TTPs:

T1071.001 - Web Protocols
T1124 - System Time Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

Mustard Tempest

Score: 7.82

Matched TTPs:

T1608.006 - SEO Poisoning
T1584.001 - Domains

MITREへのリンク →

Transparent Tribe

Score: 5.95

Matched TTPs:

T1564.001 - Hidden Files and Directories
T1584.001 - Domains

MITREへのリンク →

Velvet Ant

Score: 7.06

Matched TTPs:

T1090.001 - Internal Proxy
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

SideCopy

Score: 3.29

Matched TTPs:

T1584.001 - Domains

MITREへのリンク →

APT1

Score: 3.29

Matched TTPs:

T1584.001 - Domains

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Volt Typhoon

Score: 0.82

Matched TTPs:

T1046 - Network Service Discovery
T1217 - Browser Information Discovery
T1090 - Proxy
T1584.004 - Server
T1027.002 - Software Packing
T1590.006 - Network Security Appliances
T1124 - System Time Discovery
T1584.005 - Botnet
T1090.001 - Internal Proxy
T1190 - Exploit Public-Facing Application
T1596.005 - Scan Databases

MITREへのリンク →

APT28

Score: 0.74

Matched TTPs:

T1669 - Wi-Fi Networks
T1564.001 - Hidden Files and Directories
T1583.006 - Web Services
T1211 - Exploitation for Defense Evasion
T1550.001 - Application Access Token
T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1210 - Exploitation of Remote Services
T1071.001 - Web Protocols

MITREへのリンク →

Kimsuky

Score: 0.66

Matched TTPs:

T1027.002 - Software Packing
T1583 - Acquire Infrastructure
T1102.001 - Dead Drop Resolver
T1583.006 - Web Services
T1560.003 - Archive via Custom Method
T1584.001 - Domains
T1190 - Exploit Public-Facing Application
T1102.002 - Bidirectional Communication
T1588.005 - Exploits
T1071.001 - Web Protocols

MITREへのリンク →

HAFNIUM

Score: 0.65

Matched TTPs:

T1564.001 - Hidden Files and Directories
T1584.005 - Botnet
T1583.006 - Web Services
T1592.004 - Client Configurations
T1550.001 - Application Access Token
T1190 - Exploit Public-Facing Application
T1071.001 - Web Protocols
T1583.005 - Botnet

MITREへのリンク →

Lazarus Group

Score: 0.65

Matched TTPs:

T1046 - Network Service Discovery
T1102.002 - Bidirectional Communication
T1529 - System Shutdown/Reboot
T1584.004 - Server
T1124 - System Time Discovery
T1564.001 - Hidden Files and Directories
T1583.006 - Web Services
T1560.003 - Archive via Custom Method
T1090.001 - Internal Proxy
T1071.001 - Web Protocols

MITREへのリンク →

Turla

Score: 0.61

Matched TTPs:

T1102 - Web Service
T1090 - Proxy
T1584.004 - Server
T1124 - System Time Discovery
T1090.001 - Internal Proxy
T1583.006 - Web Services
T1071.001 - Web Protocols
T1102.002 - Bidirectional Communication
T1584.006 - Web Services

MITREへのリンク →

Medusa Group

Score: 0.57

Matched TTPs:

T1046 - Network Service Discovery
T1529 - System Shutdown/Reboot
T1027.002 - Software Packing
T1218.014 - MMC
T1650 - Acquire Access
T1583.006 - Web Services
T1190 - Exploit Public-Facing Application
T1071.001 - Web Protocols

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

A detailed report by Cisco on how Angler EK works

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ