Angler Exploit Kit to TeslaCrypt

There's an excellent write-up by Brad Duncan in the Internet Storm Center's Handler Diaries on analyzing a compromise that used the Angler Exploit Kit to deliver TeslaCrypt.

From the article:

On Wednesday 2016-02-17 at approximately 18:14 UTC, I got a full chain of events. The chain started with a compromised website that generated an admedia gate. The gate led to Angler EK. Finally, Angler EK delivered TeslaCrypt, and we saw some callback traffic from the malware.

· 178.62.122.211 - img.belayamorda.info - admedia gate
· 185.46.11.113 - ssd.summerspellman.com - Angler EK
· 192.185.39.64 -...