Angler EK from 82.146.46.242

ASSOCIATED DOMAINS:

  • lumenproductosholisticos.com – COMPROMISED SITE
  • 85.93.0.33 – bmwstar.tk – GATE TO EXPLOIT KIT
  • 188.120.241.136 – mr.youarebow.com /topic/86131- ANGLER EXPLOIT KIT

Shown above: Injected script redirecting to bmwstar.tk – Gate to Angler Exploit Kit

 

Shown above: Index page for bmwstar.tk shows JavaScript redirect to mr.youarebow.com, the Angler EK host.

 

Shown above: Flash file extracted from Wireshark pcap file for analysis

 

Shown above: admedia’s URI – /topic/

 

MD5 HASH FOR ANGLER EXPLOIT KIT:

39f4cb91e53f903423eb3a1a60c31ba5 – 03-10-2016-lumenproductosholisticos-com1.swf