Trusted Design

There Goes The Neighborhood - Bad Actors on GMHOST

概要

Whether they encourage it or not, some network operators become known and favored by criminals such as those that operate exploit kit (EK) and malware infrastructure. After following up the Sundown EK recently pointed out by @malwareforme on the Threatglass database, we found Neutrino (looking like Angler) and other bad behavior in the same network "neighborhood". It's not clear what reputation this hoster has within the underground community, but the Sundown and Neutrino campaigns both appeared within the same address space registered under "Alexander Mulgin Serginovic" (AMS) with the first Neutrino hits coinciding with the last few hits of Sundown's December 2015 campaign. We have not identified any link between these campaigns apart from the hoster, but we wanted to provide a quick look at some of these activities and the specific indicators we have seen. Source = http://research.zscaler.com/2016/01/there-goes-neighborhood-bad-actors-on.html

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

• 2015-12-27 Sundown EK Sending Neutrino (score: 0.64)
• CryptoWall sent by Angler and Neutrino exploit kits (score: 0.61)
• MTA 2015-11-25: GATE LED TO ANGLER EK AND NEUTRINO EK (score: 0.60)
• KRBanker Targets South Korea Through Adware and Exploit Kits (score: 0.59)
• Neutrino EK Distributor (score: 0.57)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る