What does Angler EK do?

What does Angler EK do?

Angler EK Payloads Different campaigns use Angler EK to distribute different types of malware. The most prominent type of payload from campaigns using Angler EK appears to be ransomware. In 2015, the ransomware was most often CryptoWall. By the start of 2016, it was primarily TeslaCrypt.

What is angler malware?

Angler was one of the leading exploit kits used by cybercriminals to distribute malware ranging from ransomware and banking Trojans to ad fraud. Like most other exploit kits, it focused on web-based vulnerabilities in the browsers and their plugins.

What is the exploit kit EK in use?

Exploit kits (EKs) are automated programs used by cybercriminals to exploit systems or applications. What makes an exploit kit very dangerous is its ability to identify victims while they browse the web. After they target a potential victim’s vulnerabilities, attackers can download and execute their malware of choice.

What is a rig exploit kit?

The primary infection method used by attackers to distribute exploit kits, in this case the Rig Exploit Kit, is through compromised websites that, when visited, drops the exploit code to ultimately send the RedLine Stealer payload to carry out follow-on attacks.

What is angler exploit kit (nuclear Ek)?

As we promised in one of our previous blog posts about exploit kits ( Nuclear EK ), we are going to take a more in-depth look at Angler Exploit Kit. Angler EK is possibly the most sophisticated exploit kit currently used by cyberciminals.

What are the risks of using embedded flash in an angler?

An additional complication is Angler using embedded Flash objects. The initial Flash loaded from the landing page is fairly innocuous, serving merely as a loader to deliver the exploit via an inner Flash. The inner Flash may be carried as a binaryData object or encoded as a string within the ActionScript.

What is the infection process of angler exploit kit?

The infection process also involves using a heap of subdomains associated with the domains presented above. These represent the primary platform that Angler exploit kit uses to distribute CryptoWall 4.0 in drive-by attacks.

What is angler encoding its script functionality?

For the past year or so, Angler has been encoding its main script functionality as data strings stored in the parent HTML. This content is then retrieved and decoded when the landing page is loaded by the browser. This is a common and well established anti-emulation technique used by numerous malicious threats.