Trusted Design

Angler EK installs bedep, vawtrak and POS malware

概要

On October 26, 2015, Cyphort Labs discovered that psychcentral[.]com has been compromised and is currently infecting visitors via drive-by-download malwares. We immediately contacted psychcentral about this infection as early as we have discovered it. As of October 29, their technical team identified the problem and addressed the issue. The site was infected with an iframe injector that redirects to Angler EK. It uses a flash exploit that targets the recent vulnerability in Adobe flash. We found it to be installing bedep and vawtrak. Bedep was known to be the notorious ad fraud malware and vawtrak is a banking trojan following the success of Zeus. We have seen Angler to be using bedep as its payload but adding vawtrak in its arsenal is something we haven’t seen in the past until recently. Moroever, the vawtrak sample we got downloads a new memory scraping malware that scans for credit card data in memory.

Created: 2026-02-23

Indicators

• URL - http://46.30.41.16/files/970.exe -
• URL - http://ninthclub.com/Work/new/index.php -
• URL - http://50.7.143.61/a_p/a_970.exe -
• FileHash-MD5 - 28639b2c93a24ed6d178f3098ca23f2e -
• FileHash-MD5 - a2ee0c22d0cbdaa1c8de45c4a487b96a -
• hostname - margueriteyellow.bitcoininvesting.net -
• FileHash-MD5 - a1d1ba04f3cb2cc6372b5986fadb1b9f -
• CVE - CVE-2015-5560 -

類似Pulses

• 2015-08-31 Angler EK pushing Bedep (score: 0.71)
• Angler EK leads to fileless Gootkit (score: 0.71)
• BEDEP LURKING IN ANGLER'S SHADOWS (score: 0.70)
• ANGLER EK PUSHES BEDEP AND NECURS (score: 0.69)
• Bedep Ad-Fraud Botnet Analysis (score: 0.68)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る