Trusted Design

CryptoWall sent by Angler and Neutrino exploit kits

概要

Since August 2015, actors using Angler exploit kit (EK) to send ransomware have occasionally switched back and forth between Angler EK and Neutrino EK. Sometime in mid-August 2015, actors using Angler EK to send ransomware switched to Neutrino EK [1]. The next week, those actors were back to using Angler EK [2, 3] and we've seen the occasional switching back and forth since then. I hadn't seen much Neutrino EK at all in November and December of 2015, but these actors switched back to Neutrino EK by the first week of January [4]. This occasional switch between the two EKs can be confusing. I've seen this EK switch initially confuse more than one security professional [5]. As of Tuesday 2016-01-12, these actors are back to Angler EK. And as always, we continue to see malicious spam (malspam) as another vector for ransomware. Source : https://isc.sans.edu/forums/diary/CryptoWall+sent+by+Angler+and+Neutrino+exploit+kits+or+through+malicious+spam/20611/

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Actor that tried Neutrino exploit kit now back to Angler (score: 0.69)
Angler EK delivers Alpha Crypt Ransomware (score: 0.67)
Neutrino Campaign Leveraging WordPress, Flash for CryptoWall (score: 0.66)
CryptXXX: New Ransomware From the Actors Behind Reveton (score: 0.65)
2015-09-29 - ANGLER EK FROM 85.25.102.2 SENDS CRYPTOWALL 3.0 (score: 0.64)

このPulseに関連する脅威アクター (事実ベース)

UNC3886

Score: 8.22

Matched TTPs:

T1021.006 - Windows Remote Management
T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Contagious Interview

Score: 6.66

Matched TTPs:

T1021.006 - Windows Remote Management
T1547.008 - LSASS Driver

MITREへのリンク →

APT29

Score: 12.40

Matched TTPs:

T1592.004 - Client Configurations
T1218.010 - Regsvr32
T1218.009 - Regsvcs/Regasm
T1547.008 - LSASS Driver

MITREへのリンク →

APT32

Score: 5.34

Matched TTPs:

T1592.004 - Client Configurations
T1218.010 - Regsvr32

MITREへのリンク →

BRONZE BUTLER

Score: 7.93

Matched TTPs:

T1592.004 - Client Configurations
T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Gamaredon Group

Score: 6.94

Matched TTPs:

T1061 - Graphical User Interface
T1547.002 - Authentication Package

MITREへのリンク →

Gorgon Group

Score: 3.15

Matched TTPs:

T1001 - Data Obfuscation

MITREへのリンク →

Threat Group-3390

Score: 4.65

Matched TTPs:

T1001 - Data Obfuscation
T1218.010 - Regsvr32

MITREへのリンク →

Patchwork

Score: 4.65

Matched TTPs:

T1001 - Data Obfuscation
T1218.010 - Regsvr32

MITREへのリンク →

BlackByte

Score: 3.15

Matched TTPs:

T1001 - Data Obfuscation

MITREへのリンク →

TA2541

Score: 3.15

Matched TTPs:

T1001 - Data Obfuscation

MITREへのリンク →

menuPass

Score: 3.15

Matched TTPs:

T1001 - Data Obfuscation

MITREへのリンク →

Kimsuky

Score: 9.68

Matched TTPs:

T1001 - Data Obfuscation
T1547.002 - Authentication Package
T1003.003 - NTDS

MITREへのリンク →

APT37

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

Lazarus Group

Score: 13.14

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage
T1578.001 - Create Snapshot
T1547.008 - LSASS Driver

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

Magic Hound

Score: 4.92

Matched TTPs:

T1547.002 - Authentication Package
T1547.008 - LSASS Driver

MITREへのリンク →

Turla

Score: 4.99

Matched TTPs:

T1547.002 - Authentication Package
T1578.001 - Create Snapshot

MITREへのリンク →

FIN7

Score: 4.99

Matched TTPs:

T1547.002 - Authentication Package
T1578.001 - Create Snapshot

MITREへのリンク →

Sandworm Team

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

APT28

Score: 8.02

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1566.003 - Spearphishing via Service

MITREへのリンク →

MuddyWater

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

ZIRCONIUM

Score: 4.99

Matched TTPs:

T1547.002 - Authentication Package
T1578.001 - Create Snapshot

MITREへのリンク →

Sidewinder

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

The White Company

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

EXOTIC LILY

Score: 4.02

Matched TTPs:

T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

Higaisa

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Mustang Panda

Score: 5.63

Matched TTPs:

T1218.010 - Regsvr32
T1055.005 - Thread Local Storage

MITREへのリンク →

Ember Bear

Score: 5.63

Matched TTPs:

T1218.010 - Regsvr32
T1003.003 - NTDS

MITREへのリンク →

Darkhotel

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

OilRig

Score: 4.02

Matched TTPs:

T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

CURIUM

Score: 5.12

Matched TTPs:

T1578.001 - Create Snapshot
T1547.008 - LSASS Driver

MITREへのリンク →

Velvet Ant

Score: 4.13

Matched TTPs:

T1566.003 - Spearphishing via Service

MITREへのリンク →

Medusa Group

Score: 4.54

Matched TTPs:

T1094 - Custom Command and Control Protocol

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.83

Matched TTPs:

T1055.005 - Thread Local Storage
T1547.002 - Authentication Package
T1578.001 - Create Snapshot
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

APT29

Score: 0.77

Matched TTPs:

T1218.010 - Regsvr32
T1547.008 - LSASS Driver
T1592.004 - Client Configurations
T1218.009 - Regsvcs/Regasm

MITREへのリンク →

Kimsuky

Score: 0.64

Matched TTPs:

T1003.003 - NTDS
T1001 - Data Obfuscation
T1547.002 - Authentication Package

MITREへのリンク →

UNC3886

Score: 0.55

Matched TTPs:

T1218.010 - Regsvr32
T1021.006 - Windows Remote Management
T1578.001 - Create Snapshot

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る