Angler Exploit Kit from 188.8.131.52 sends Bedep
The norm for Angler Exploit Kit from the “pseudo-Darkleech” campaign is to send Bedep and CryptXXX. In a recent post, Malware-Traffic-Analysis writes about how Bedep behaves differently when it detects that it is running in a VM (virtual machine). I do not know if this was the case for this infection, but I feel it should be noted.
- 184.108.40.206 – nzersef.tk – EITest GATE
- 220.127.116.11 – stnd0z.nqj7hnp.top – Angler LANDING PAGE
- 18.104.22.168 – mbkdkxmbkjabafqvut.com – POST /index.php – Bedep POST INFECTION TRAFFIC
- 22.214.171.124 – POST /calendar.php – Bedep POST INFECTION TRAFFIC
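As an added example (not part of the original post), the script below runs the indicators listed above over a few constructed proxy-log lines and reports, per client, whether the full chain the post describes (EITest gate, then Angler landing page, then Bedep callback) appears in time order. The log line format, the client IPs and the timestamps are invented for the example; the indicators are the ones from the list above. The two Bedep entries are only flagged on a POST to the path the post documents (/index.php and /calendar.php), because the post records nothing else about that traffic, and the second Bedep IP is matched on address alone since the post gives no hostname for it.

```python
import re
from collections import defaultdict

# Indicators copied from the list above. "post_path" restricts the Bedep C2
# matches to the beacon shape the post documents (POST to that path).
IOCS = [
    {"ip": "184.108.40.206", "host": "nzersef.tk", "stage": "EITest gate"},
    {"ip": "220.127.116.11", "host": "stnd0z.nqj7hnp.top", "stage": "Angler landing page"},
    {"ip": "18.104.22.168", "host": "mbkdkxmbkjabafqvut.com",
     "stage": "Bedep post-infection", "post_path": "/index.php"},
    {"ip": "22.214.171.124", "host": None,  # post lists no hostname for this IP
     "stage": "Bedep post-infection", "post_path": "/calendar.php"},
]

# Order of the chain described in the write-up.
STAGE_ORDER = ["EITest gate", "Angler landing page", "Bedep post-infection"]

# Hypothetical proxy-log format used only for this example:
#   <epoch> <client_ip> <dst_ip> <method> <host> <path>
LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (GET|POST) (\S+) (\S+)$")

# Constructed sample log: one client walks the whole chain, a second client
# touches a C2 IP with a request shape the post does not describe.
SAMPLE_LOG = [
    "1460000000 10.0.0.5 184.108.40.206 GET nzersef.tk /",
    "1460000002 10.0.0.5 220.127.116.11 GET stnd0z.nqj7hnp.top /page.html",
    "1460000030 10.0.0.5 18.104.22.168 POST mbkdkxmbkjabafqvut.com /index.php",
    "1460000040 10.0.0.5 22.214.171.124 POST 22.214.171.124 /calendar.php",
    "1460000050 10.0.0.9 22.214.171.124 GET 22.214.171.124 /favicon.ico",
    "1460000060 10.0.0.9 93.184.216.34 GET example.com /",
]


def match_line(line):
    """Return a hit dict if the line touches an indicator, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, client, dst_ip, method, host, path = m.groups()
    for ioc in IOCS:
        if dst_ip != ioc["ip"] and host != ioc["host"]:
            continue
        post_path = ioc.get("post_path")
        if post_path and not (method == "POST" and path == post_path):
            # C2 address seen, but not the beacon the post documents.
            continue
        return {"ts": int(ts), "client": client, "stage": ioc["stage"],
                "host": host, "path": path}
    return None


def scan(lines):
    """Group indicator hits by client IP."""
    hits = defaultdict(list)
    for line in lines:
        hit = match_line(line)
        if hit:
            hits[hit["client"]].append(hit)
    return hits


def chain_complete(client_hits):
    """True if every stage was seen and first sightings follow STAGE_ORDER."""
    first_seen = {}
    for hit in sorted(client_hits, key=lambda h: h["ts"]):
        first_seen.setdefault(hit["stage"], hit["ts"])
    if any(stage not in first_seen for stage in STAGE_ORDER):
        return False
    return all(first_seen[a] <= first_seen[b]
               for a, b in zip(STAGE_ORDER, STAGE_ORDER[1:]))


if __name__ == "__main__":
    for client, client_hits in scan(SAMPLE_LOG).items():
        print(client, "full chain" if chain_complete(client_hits) else "partial")
        for hit in client_hits:
            print("   ", hit["ts"], hit["stage"], hit["host"], hit["path"])
```

Matching on either destination IP or Host header means a client that reaches the landing page through a different resolved address, or a Bedep beacon whose Host header is the raw IP, is still caught; the trade-off is that a GET to the C2 address is deliberately ignored, so a hunt for other activity on those IPs needs a looser rule than this one.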
IMAGES and DETAILS:
MALICIOUS PAYLOAD SENT BY ANGLER: