The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK | Proofpoint US
Tags
Common Information
| Type | Value |
|---|---|
| UUID | d70207c6-6e1d-4b27-8b84-2a056cfde10e |
| Fingerprint | acb10b53a82d1ac1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 15, 2015, 5:15 p.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK |
| Title | The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK | Proofpoint US |
| Detected Hints/Tags/Attributes | 54/2/46 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.proofpoint.com/us/threat-insight/post/The-Shadow-Knows |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | ads.mikeholt.com |
|
| Details | Domain | 1 | www.mikeholt.com |
|
| Details | Domain | 1 | mikeholt.com |
|
| Details | Domain | 1 | adv.mtcharlestonlodge.com |
|
| Details | Domain | 1 | media.healthy-homemakers.com |
|
| Details | Domain | 1 | promo.loopnetworksllc.com |
|
| Details | Domain | 622 | en.wikipedia.org |
|
| Details | Domain | 41 | malware.dontneedcoffee.com |
|
| Details | Domain | 38 | blogs.cisco.com |
|
| Details | Domain | 2 | hiddencodes.wordpress.com |
|
| Details | Domain | 370 | www.proofpoint.com |
|
| Details | Domain | 1 | delivery.dpis.com |
|
| Details | Domain | 1 | promo.socialmagnetmarketing.com |
|
| Details | Domain | 1 | ninthclub.com |
|
| Details | Domain | 1 | atlasbeta.com |
|
| Details | Domain | 1 | alutqlyzoxglge7s.com |
|
| Details | Domain | 1 | browneyandrebun.net |
|
| Details | Domain | 1 | zwietrzyla1morinaga.efloridacoupons.com |
|
| Details | File | 1 | a-doubleclick-https-open-redirect-used.html |
|
| Details | File | 1 | angler-ek-now-capable-of-fileless.html |
|
| Details | File | 2 | a-fileless-ursnif-doing-some-pos.html |
|
| Details | md5 | 1 | c1bc86552e558cc37ee7df3a16ef8ac7 |
|
| Details | md5 | 1 | 2839b5e418adc25b0d3a2b9bd04efb99 |
|
| Details | md5 | 1 | d37994ac8bb0df034d942c10ae471094 |
|
| Details | md5 | 1 | 2408e9df8cb82e575002176a4dcd69a5 |
|
| Details | md5 | 1 | d3670b3a2bba2ff92f2e7cbfc63be941 |
|
| Details | md5 | 1 | b37717d09b61cbfe5c023e8d5fd968ed |
|
| Details | IPv4 | 1 | 209.126.110.7 |
|
| Details | IPv4 | 1 | 209.126.118.13 |
|
| Details | IPv4 | 1 | 209.126.118.11 |
|
| Details | IPv4 | 1 | 209.126.118.18 |
|
| Details | IPv4 | 1 | 209.126.118.14 |
|
| Details | IPv4 | 1 | 81.177.22.179 |
|
| Details | IPv4 | 1 | 176.9.188.147 |
|
| Details | IPv4 | 1 | 95.211.205.229 |
|
| Details | IPv4 | 1 | 107.170.83.113 |
|
| Details | IPv4 | 1 | 8.26.21.113 |
|
| Details | IPv4 | 1 | 51.255.59.117 |
|
| Details | Url | 1 | https://ads.mikeholt.com |
|
| Details | Url | 1 | https://en.wikipedia.org/wiki/online_advertising |
|
| Details | Url | 1 | http://malware.dontneedcoffee.com/2015/10/a-doubleclick-https-open-redirect-used.html |
|
| Details | Url | 1 | http://blogs.cisco.com/security/talos/angler-domain-shadowing |
|
| Details | Url | 1 | http://malware.dontneedcoffee.com/2014/08/angler-ek-now-capable-of-fileless.html |
|
| Details | Url | 1 | https://hiddencodes.wordpress.com/2014/10/01/digging-deep-into-angler-fileless-exploit-delivery-2 |
|
| Details | Url | 2 | http://malware.dontneedcoffee.com/2015/07/a-fileless-ursnif-doing-some-pos.html |
|
| Details | Url | 1 | https://www.proofpoint.com/us/threat-insight/post/in-the-shadows |