Cisco Blogs

Malware Word Search: Identifying Angler’s Dictionary

March 21, 2016 - 0 Comments

This post authored by Steve Poulson with contributions from Nick Biasini.

Exploit kits are constantly evolving and changing. We recently wrote about some subtle Angler changes but then Angler changed drastically on March 8. In this blog post, we will briefly cover these changes, examining different characteristics of the URL structure for Angler and the origins of the words being leveraged to create them.

New Angler
Beginning on March 8, Talos noticed some major changes to the URL structure for Angler. These changes were drastic and have altered every part of the URL for the landing pages. Let’s first look at the old syntax:


In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.