Angler has been in the news in recent weeks for its rapid absorption of a series of Adobe Flash zero-days. The malware runs from memory, without having to write to the hard drives of its victims. Angler can tell if a researcher is attempting to execute its code in a virtual machine. The payload, known as Bedep, isn't malicious on its own, but is used to download additional malware. Its obfuscation is noteworthy, mainly because of the way it uses a simple transposition-based cipher to encrypt URL paths.
Source: https://threatpost.com/analyzing-angler-the-worlds-most-sophisticated-exploit-kit/110904/

