Angler Exploit Kit to TeslaCrypt

There’s an excellent write up by Brad Duncan in the Internet Storm Center’s Handler Diaries on analyzing a compromise that used the Angler Exploit Kit to deliver TeslaCrypt.

From the article:

On Wednesday 2016-02-17 at approximately 18:14 UTC, I got a full chain of events.

The chain started with a compromised website that generated an admedia gate.

The gate led to Angler EK.

Finally, Angler EK delivered TeslaCrypt, and we saw some callback traffic from the malware.

· – – admedia gate
· – – Angler EK
· – – TeslaCrypt callback traffic

 Full write up is here.
Some of the obfuscation may seem daunting, but there’s a wealth of information on techniques to deobfuscate Javascript and other code. A lot of that information is in the Handlers Diaries itself. Here’s some other write ups from the ISC:
And from other sites:

This is a Security Bloggers Network syndicated blog post authored by JeffSoh. Read the original post at: JeffSoh on NetSec