CryptoWall sent by Angler and Neutrino exploit kits
Summary
Since August 2015, actors using Angler exploit kit (EK) to send ransomware have occasionally switched back and forth between Angler EK and Neutrino EK.
Sometime in mid-August 2015, actors using Angler EK to send ransomware switched to Neutrino EK [1]. The next week, those actors were back to using Angler EK [2, 3] and we've seen the occasional switching back and forth since then.
I hadn't seen much Neutrino EK at all in November and December of 2015, but these actors switched back to Neutrino EK by the first week of January [4]. This occasional switch between the two EKs can be confusing. I've seen this EK switch initially confuse more than one security professional [5].
As of Tuesday 2016-01-12, these actors are back to Angler EK. And as always, we continue to see malicious spam (malspam) as another vector for ransomware.
Source: https://isc.sans.edu/forums/diary/CryptoWall+sent+by+Angler+and+Neutrino+exploit+kits+or+through+malicious+spam/20611/
Created: 2026-02-23
Indicators
No indicators were found.
Similar Pulses
Threat actors related to this Pulse (fact-based)
Score: 8.22
Matched TTPs:
- T1681 - Search Threat Vendor Data
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
Score: 6.66
Matched TTPs:
- T1681 - Search Threat Vendor Data
- T1566.003 - Spearphishing via Service
Score: 12.40
Matched TTPs:
- T1550.003 - Pass the Ticket
- T1203 - Exploitation for Client Execution
- T1090.004 - Domain Fronting
- T1566.003 - Spearphishing via Service
Score: 5.34
Matched TTPs:
- T1550.003 - Pass the Ticket
- T1203 - Exploitation for Client Execution
Score: 7.93
Matched TTPs:
- T1550.003 - Pass the Ticket
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
Score: 6.94
Matched TTPs:
- T1001 - Data Obfuscation
- T1102.002 - Bidirectional Communication
Score: 3.15
Matched TTPs:
- T1055.012 - Process Hollowing
Score: 4.65
Matched TTPs:
- T1055.012 - Process Hollowing
- T1203 - Exploitation for Client Execution
Score: 4.65
Matched TTPs:
- T1055.012 - Process Hollowing
- T1203 - Exploitation for Client Execution
Score: 3.15
Matched TTPs:
- T1055.012 - Process Hollowing
Score: 3.15
Matched TTPs:
- T1055.012 - Process Hollowing
Score: 3.15
Matched TTPs:
- T1055.012 - Process Hollowing
Score: 9.68
Matched TTPs:
- T1055.012 - Process Hollowing
- T1102.002 - Bidirectional Communication
- T1588.005 - Exploits
Score: 3.89
Matched TTPs:
- T1102.002 - Bidirectional Communication
- T1203 - Exploitation for Client Execution
Score: 13.14
Matched TTPs:
- T1102.002 - Bidirectional Communication
- T1203 - Exploitation for Client Execution
- T1027.007 - Dynamic API Resolution
- T1124 - System Time Discovery
- T1566.003 - Spearphishing via Service
Score: 3.89
Matched TTPs:
- T1102.002 - Bidirectional Communication
- T1203 - Exploitation for Client Execution
Score: 4.92
Matched TTPs:
- T1102.002 - Bidirectional Communication
- T1566.003 - Spearphishing via Service
Score: 4.99
Matched TTPs:
- T1102.002 - Bidirectional Communication
- T1124 - System Time Discovery
Score: 4.99
Matched TTPs:
- T1102.002 - Bidirectional Communication
- T1124 - System Time Discovery
Score: 3.89
Matched TTPs:
- T1102.002 - Bidirectional Communication
- T1203 - Exploitation for Client Execution
Score: 8.02
Matched TTPs:
- T1102.002 - Bidirectional Communication
- T1203 - Exploitation for Client Execution
- T1211 - Exploitation for Defense Evasion
Score: 3.89
Matched TTPs:
- T1102.002 - Bidirectional Communication
- T1203 - Exploitation for Client Execution
Score: 4.99
Matched TTPs:
- T1102.002 - Bidirectional Communication
- T1124 - System Time Discovery
Score: 4.09
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
Score: 4.09
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
Score: 4.02
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1566.003 - Spearphishing via Service
Score: 4.09
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
Score: 5.63
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1027.007 - Dynamic API Resolution
Score: 5.63
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1588.005 - Exploits
Score: 4.09
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
Score: 4.02
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1566.003 - Spearphishing via Service
Score: 5.12
Matched TTPs:
- T1124 - System Time Discovery
- T1566.003 - Spearphishing via Service
Score: 4.13
Matched TTPs:
- T1211 - Exploitation for Defense Evasion
Threat actors related to this Pulse (inference-based)
Score: 0.83
Matched TTPs:
- T1027.007 - Dynamic API Resolution
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
- T1102.002 - Bidirectional Communication
- T1566.003 - Spearphishing via Service
Score: 0.77
Matched TTPs:
- T1550.003 - Pass the Ticket
- T1090.004 - Domain Fronting
- T1203 - Exploitation for Client Execution
- T1566.003 - Spearphishing via Service
Score: 0.64
Matched TTPs:
- T1588.005 - Exploits
- T1055.012 - Process Hollowing
- T1102.002 - Bidirectional Communication
Score: 0.55
Matched TTPs:
- T1203 - Exploitation for Client Execution
- T1124 - System Time Discovery
- T1681 - Search Threat Vendor Data
Related CVEs
No CVEs were found for this Pulse.