Pulse Detail-

EITest uses Adobe Flash to redirect to Angler exploit kit

概要

a shift in tactics by EITest, one of the main gates that drives traffic to the Angler exploit kit. Threat actors commonly use a gate, also known as a traffic detection system (TDS), to filter traffic based on a specific set of predefined criteria. Only the compromised systems that meet the criteria are redirected to the exploit kit. Until February 2016, obfuscated JavaScript injected by EITest on a compromised site contained a simple check to determine if the victim was using Internet Explorer. If so, the JavaScript redirected the browser to the Angler exploit kit's landing page

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

The Many Paths to Angler (score: 0.64)
Large Malvertising Campaign Goes (Almost) Undetected (score: 0.64)
Alienvault Labs: Malvertising leading to the Angler Exploit Kit (score: 0.62)
Web Attack (score: 0.62)
Large Malvertising Campaign Leads to Angler EK & Bunitu Malware (score: 0.62)

このPulseに関連する脅威アクター (事実ベース)

Turla

Score: 22.64

Matched TTPs:

T1059.007 - JavaScript
T1016.001 - Internet Connection Discovery
T1055 - Process Injection
T1090 - Proxy
T1583.006 - Web Services
T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1584.004 - Server
T1090.001 - Internal Proxy

MITREへのリンク →

APT32

Score: 22.91

Matched TTPs:

T1059.007 - JavaScript
T1608.004 - Drive-by Target
T1135 - Network Share Discovery
T1055 - Process Injection
T1550.003 - Pass the Ticket
T1583.006 - Web Services
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols

MITREへのリンク →

Saint Bear

Score: 5.48

Matched TTPs:

T1059.007 - JavaScript
T1583.006 - Web Services
T1203 - Exploitation for Client Execution

MITREへのリンク →

FIN6

Score: 4.72

Matched TTPs:

T1059.007 - JavaScript
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Sidewinder

Score: 4.65

Matched TTPs:

T1059.007 - JavaScript
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols

MITREへのリンク →

MoustachedBouncer

Score: 8.85

Matched TTPs:

T1059.007 - JavaScript
T1659 - Content Injection
T1090 - Proxy

MITREへのリンク →

MuddyWater

Score: 11.81

Matched TTPs:

T1059.007 - JavaScript
T1090.002 - External Proxy
T1583.006 - Web Services
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols

MITREへのリンク →

Earth Lusca

Score: 13.52

Matched TTPs:

T1059.007 - JavaScript
T1595.002 - Vulnerability Scanning
T1090 - Proxy
T1583.006 - Web Services
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Winter Vivern

Score: 12.06

Matched TTPs:

T1059.007 - JavaScript
T1595.002 - Vulnerability Scanning
T1056.003 - Web Portal Capture
T1189 - Drive-by Compromise
T1071.001 - Web Protocols

MITREへのリンク →

Silence

Score: 7.18

Matched TTPs:

T1059.007 - JavaScript
T1055 - Process Injection
T1090.002 - External Proxy

MITREへのリンク →

Contagious Interview

Score: 14.71

Matched TTPs:

T1059.007 - JavaScript
T1090 - Proxy
T1480 - Execution Guardrails
T1583.006 - Web Services
T1204.004 - Malicious Copy and Paste

MITREへのリンク →

LazyScripter

Score: 3.99

Matched TTPs:

T1059.007 - JavaScript
T1583.006 - Web Services

MITREへのリンク →

TA505

Score: 3.16

Matched TTPs:

T1059.007 - JavaScript
T1071.001 - Web Protocols

MITREへのリンク →

FIN7

Score: 16.88

Matched TTPs:

T1059.007 - JavaScript
T1608.004 - Drive-by Target
T1674 - Input Injection
T1583.006 - Web Services
T1195.002 - Compromise Software Supply Chain
T1102.002 - Bidirectional Communication

MITREへのリンク →

Cobalt Group

Score: 15.53

Matched TTPs:

T1059.007 - JavaScript
T1055 - Process Injection
T1218.010 - Regsvr32
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography
T1071.001 - Web Protocols

MITREへのリンク →

Higaisa

Score: 7.58

Matched TTPs:

T1059.007 - JavaScript
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols
T1090.001 - Internal Proxy

MITREへのリンク →

Kimsuky

Score: 21.45

Matched TTPs:

T1059.007 - JavaScript
T1055 - Process Injection
T1185 - Browser Session Hijacking
T1583.006 - Web Services
T1218.010 - Regsvr32
T1102.002 - Bidirectional Communication
T1071.001 - Web Protocols
T1588.005 - Exploits

MITREへのリンク →

Indrik Spider

Score: 4.81

Matched TTPs:

T1059.007 - JavaScript
T1584.004 - Server

MITREへのリンク →

Leafminer

Score: 3.74

Matched TTPs:

T1059.007 - JavaScript
T1189 - Drive-by Compromise

MITREへのリンク →

Mustang Panda

Score: 6.67

Matched TTPs:

T1059.007 - JavaScript
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols

MITREへのリンク →

TA578

Score: 3.99

Matched TTPs:

T1059.007 - JavaScript
T1583.006 - Web Services

MITREへのリンク →

Magic Hound

Score: 15.04

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1595.002 - Vulnerability Scanning
T1090 - Proxy
T1583.006 - Web Services
T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1071.001 - Web Protocols

MITREへのリンク →

HEXANE

Score: 5.14

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1102.002 - Bidirectional Communication

MITREへのリンク →

APT29

Score: 19.97

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1595.002 - Vulnerability Scanning
T1090.002 - External Proxy
T1550.003 - Pass the Ticket
T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1027.006 - HTML Smuggling

MITREへのリンク →

Gamaredon Group

Score: 16.99

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1055 - Process Injection
T1090 - Proxy
T1480 - Execution Guardrails
T1583.006 - Web Services
T1102.002 - Bidirectional Communication
T1071.001 - Web Protocols

MITREへのリンク →

TA2541

Score: 9.96

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1055 - Process Injection
T1583.006 - Web Services
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Lotus Blossom

Score: 5.67

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1090.001 - Internal Proxy

MITREへのリンク →

FIN13

Score: 9.26

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1135 - Network Share Discovery
T1071.001 - Web Protocols
T1090.001 - Internal Proxy

MITREへのリンク →

HAFNIUM

Score: 10.48

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1592.004 - Client Configurations
T1583.006 - Web Services
T1071.001 - Web Protocols

MITREへのリンク →

Volt Typhoon

Score: 10.85

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1090 - Proxy
T1584.004 - Server
T1090.001 - Internal Proxy

MITREへのリンク →

FIN8

Score: 6.68

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1573.002 - Asymmetric Cryptography
T1071.001 - Web Protocols

MITREへのリンク →

Transparent Tribe

Score: 6.29

Matched TTPs:

T1608.004 - Drive-by Target
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

LuminousMoth

Score: 4.22

Matched TTPs:

T1608.004 - Drive-by Target
T1071.001 - Web Protocols

MITREへのリンク →

Dragonfly

Score: 17.04

Matched TTPs:

T1608.004 - Drive-by Target
T1135 - Network Share Discovery
T1595.002 - Vulnerability Scanning
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

CURIUM

Score: 4.80

Matched TTPs:

T1608.004 - Drive-by Target
T1189 - Drive-by Compromise

MITREへのリンク →

Threat Group-3390

Score: 10.41

Matched TTPs:

T1608.004 - Drive-by Target
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols

MITREへのリンク →

Mustard Tempest

Score: 4.80

Matched TTPs:

T1608.004 - Drive-by Target
T1189 - Drive-by Compromise

MITREへのリンク →

Tonto Team

Score: 6.64

Matched TTPs:

T1135 - Network Share Discovery
T1090.002 - External Proxy
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT39

Score: 11.66

Matched TTPs:

T1135 - Network Share Discovery
T1090.002 - External Proxy
T1102.002 - Bidirectional Communication
T1071.001 - Web Protocols
T1090.001 - Internal Proxy

MITREへのリンク →

APT41

Score: 15.40

Matched TTPs:

T1135 - Network Share Discovery
T1055 - Process Injection
T1595.002 - Vulnerability Scanning
T1090 - Proxy
T1195.002 - Compromise Software Supply Chain
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols

MITREへのリンク →

Medusa Group

Score: 11.97

Matched TTPs:

T1135 - Network Share Discovery
T1583.006 - Web Services
T1573.002 - Asymmetric Cryptography
T1071.001 - Web Protocols
T1529 - System Shutdown/Reboot

MITREへのリンク →

Chimera

Score: 3.59

Matched TTPs:

T1135 - Network Share Discovery
T1071.001 - Web Protocols

MITREへのリンク →

APT38

Score: 11.43

Matched TTPs:

T1135 - Network Share Discovery
T1055 - Process Injection
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1529 - System Shutdown/Reboot

MITREへのリンク →

BlackByte

Score: 9.89

Matched TTPs:

T1135 - Network Share Discovery
T1055 - Process Injection
T1480 - Execution Guardrails
T1071.001 - Web Protocols

MITREへのリンク →

Tropic Trooper

Score: 7.83

Matched TTPs:

T1135 - Network Share Discovery
T1203 - Exploitation for Client Execution
T1573.002 - Asymmetric Cryptography
T1071.001 - Web Protocols

MITREへのリンク →

Wizard Spider

Score: 6.04

Matched TTPs:

T1135 - Network Share Discovery
T1055 - Process Injection
T1071.001 - Web Protocols

MITREへのリンク →

APT37

Score: 12.92

Matched TTPs:

T1055 - Process Injection
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1529 - System Shutdown/Reboot

MITREへのリンク →

Velvet Ant

Score: 8.13

Matched TTPs:

T1055 - Process Injection
T1573.002 - Asymmetric Cryptography
T1090.001 - Internal Proxy

MITREへのリンク →

PLATINUM

Score: 4.22

Matched TTPs:

T1055 - Process Injection
T1189 - Drive-by Compromise

MITREへのリンク →

Sandworm Team

Score: 15.77

Matched TTPs:

T1595.002 - Vulnerability Scanning
T1090 - Proxy
T1195.002 - Compromise Software Supply Chain
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols
T1584.004 - Server

MITREへのリンク →

Leviathan

Score: 11.43

Matched TTPs:

T1595.002 - Vulnerability Scanning
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.004 - Server

MITREへのリンク →

Ember Bear

Score: 8.22

Matched TTPs:

T1595.002 - Vulnerability Scanning
T1203 - Exploitation for Client Execution
T1588.005 - Exploits

MITREへのリンク →

TeamTNT

Score: 3.78

Matched TTPs:

T1595.002 - Vulnerability Scanning
T1071.001 - Web Protocols

MITREへのリンク →

APT28

Score: 18.73

Matched TTPs:

T1595.002 - Vulnerability Scanning
T1090.002 - External Proxy
T1583.006 - Web Services
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1137.002 - Office Test

MITREへのリンク →

Lazarus Group

Score: 20.99

Matched TTPs:

T1090.002 - External Proxy
T1583.006 - Web Services
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1584.004 - Server
T1090.001 - Internal Proxy
T1529 - System Shutdown/Reboot

MITREへのリンク →

APT3

Score: 4.24

Matched TTPs:

T1090.002 - External Proxy
T1203 - Exploitation for Client Execution

MITREへのリンク →

LAPSUS$

Score: 6.47

Matched TTPs:

T1090 - Proxy
T1204 - User Execution

MITREへのリンク →

Blue Mockingbird

Score: 5.09

Matched TTPs:

T1090 - Proxy
T1218.010 - Regsvr32

MITREへのリンク →

Windigo

Score: 4.11

Matched TTPs:

T1090 - Proxy
T1189 - Drive-by Compromise

MITREへのリンク →

POLONIUM

Score: 6.75

Matched TTPs:

T1090 - Proxy
T1583.006 - Web Services
T1102.002 - Bidirectional Communication

MITREへのリンク →

Scattered Spider

Score: 6.47

Matched TTPs:

T1090 - Proxy
T1204 - User Execution

MITREへのリンク →

BRONZE BUTLER

Score: 8.29

Matched TTPs:

T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols

MITREへのリンク →

ZIRCONIUM

Score: 4.41

Matched TTPs:

T1583.006 - Web Services
T1102.002 - Bidirectional Communication

MITREへのリンク →

Confucius

Score: 4.69

Matched TTPs:

T1583.006 - Web Services
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols

MITREへのリンク →

TA551

Score: 3.93

Matched TTPs:

T1218.010 - Regsvr32
T1071.001 - Web Protocols

MITREへのリンク →

Inception

Score: 5.43

Matched TTPs:

T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols

MITREへのリンク →

WIRTE

Score: 3.93

Matched TTPs:

T1218.010 - Regsvr32
T1071.001 - Web Protocols

MITREへのリンク →

APT19

Score: 5.70

Matched TTPs:

T1218.010 - Regsvr32
T1189 - Drive-by Compromise
T1071.001 - Web Protocols

MITREへのリンク →

Daggerfly

Score: 8.72

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1584.004 - Server

MITREへのリンク →

Moonstone Sleet

Score: 4.12

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1071.001 - Web Protocols

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

Andariel

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Patchwork

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Axiom

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Elderwood

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Darkhotel

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

OilRig

Score: 9.97

Matched TTPs:

T1203 - Exploitation for Client Execution
T1137.004 - Outlook Home Page
T1573.002 - Asymmetric Cryptography
T1071.001 - Web Protocols

MITREへのリンク →

RedCurl

Score: 3.93

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1071.001 - Web Protocols

MITREへのリンク →

RedEcho

Score: 3.93

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1071.001 - Web Protocols

MITREへのリンク →

APT42

Score: 3.93

Matched TTPs:

T1573.002 - Asymmetric Cryptography
T1071.001 - Web Protocols

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Turla

Score: 0.80

Matched TTPs:

T1090.001 - Internal Proxy
T1016.001 - Internet Connection Discovery
T1071.001 - Web Protocols
T1189 - Drive-by Compromise
T1583.006 - Web Services
T1090 - Proxy
T1055 - Process Injection
T1584.004 - Server
T1059.007 - JavaScript
T1102.002 - Bidirectional Communication

MITREへのリンク →

APT32

Score: 0.80

Matched TTPs:

T1218.010 - Regsvr32
T1071.001 - Web Protocols
T1189 - Drive-by Compromise
T1583.006 - Web Services
T1135 - Network Share Discovery
T1203 - Exploitation for Client Execution
T1055 - Process Injection
T1550.003 - Pass the Ticket
T1059.007 - JavaScript
T1608.004 - Drive-by Target

MITREへのリンク →

Kimsuky

Score: 0.72

Matched TTPs:

T1218.010 - Regsvr32
T1071.001 - Web Protocols
T1583.006 - Web Services
T1588.005 - Exploits
T1055 - Process Injection
T1185 - Browser Session Hijacking
T1059.007 - JavaScript
T1102.002 - Bidirectional Communication

MITREへのリンク →

Lazarus Group

Score: 0.72

Matched TTPs:

T1090.001 - Internal Proxy
T1071.001 - Web Protocols
T1189 - Drive-by Compromise
T1583.006 - Web Services
T1090.002 - External Proxy
T1203 - Exploitation for Client Execution
T1584.004 - Server
T1529 - System Shutdown/Reboot
T1102.002 - Bidirectional Communication

MITREへのリンク →

APT29

Score: 0.69

Matched TTPs:

T1595.002 - Vulnerability Scanning
T1016.001 - Internet Connection Discovery
T1583.006 - Web Services
T1090.002 - External Proxy
T1203 - Exploitation for Client Execution
T1550.003 - Pass the Ticket
T1027.006 - HTML Smuggling

MITREへのリンク →

APT28

Score: 0.65

Matched TTPs:

T1595.002 - Vulnerability Scanning
T1071.001 - Web Protocols
T1189 - Drive-by Compromise
T1583.006 - Web Services
T1090.002 - External Proxy
T1203 - Exploitation for Client Execution
T1137.002 - Office Test
T1102.002 - Bidirectional Communication

MITREへのリンク →

FIN7

Score: 0.62

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1583.006 - Web Services
T1674 - Input Injection
T1102.002 - Bidirectional Communication
T1059.007 - JavaScript
T1608.004 - Drive-by Target

MITREへのリンク →

Dragonfly

Score: 0.61

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1595.002 - Vulnerability Scanning
T1189 - Drive-by Compromise
T1135 - Network Share Discovery
T1203 - Exploitation for Client Execution
T1584.004 - Server
T1608.004 - Drive-by Target

MITREへのリンク →

Gamaredon Group

Score: 0.60

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1480 - Execution Guardrails
T1071.001 - Web Protocols
T1583.006 - Web Services
T1090 - Proxy
T1055 - Process Injection
T1102.002 - Bidirectional Communication

MITREへのリンク →

APT41

Score: 0.56

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1595.002 - Vulnerability Scanning
T1071.001 - Web Protocols
T1090 - Proxy
T1135 - Network Share Discovery
T1203 - Exploitation for Client Execution
T1055 - Process Injection

MITREへのリンク →

Sandworm Team

Score: 0.56

Matched TTPs:

T1595.002 - Vulnerability Scanning
T1195.002 - Compromise Software Supply Chain
T1071.001 - Web Protocols
T1090 - Proxy
T1203 - Exploitation for Client Execution
T1584.004 - Server
T1102.002 - Bidirectional Communication

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

EITest uses Adobe Flash to redirect to Angler exploit kit

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ