Exploit Kit Threat Profile

EXPLOIT KITS

LIST OF KNOWN EXPLOIT KITS

WHAT ARE EXPLOIT KITS?

HOW DO EXPLOIT KITS WORK?

EXPLOIT KITS MITIGATION STRATEGIES

REPORTING

Known Exploit kits

Latest New/Updated Variants

Aug 16, 2017

Disdain

Aug 16, 2017

Jan 11, 2017

Terror

Jan 11, 2017

Dec 15, 2016

DNSChanger

Dec 15, 2016

Dec 7, 2016

Stegano

Dec 7, 2016

Nov 29, 2016

RIG

Nov 29, 2016

Nov 16, 2016

Sundown

Nov 16, 2016

Bizarro Sundown

Nov 16, 2016

Oct 6, 2016

Floki Bot

Oct 6, 2016

Aug 4, 2016

Neutrino

Aug 4, 2016

Jul 6, 2016

Angler

Jul 6, 2016

Blackhole

Jul 6, 2016

Fiesta

Jul 6, 2016

Magnitude

Jul 6, 2016

Nuclear

Jul 6, 2016

Sweet Orange

Jul 6, 2016

The below list is not exhaustive and is meant to provide an overview of the most prevalent exploit kits impacting US victims. This page is updated regularly with new information.

What are Exploit Kits?

Exploit Kits (EKs) are toolkits that automate the exploitation of vulnerabilities in popular software applications in order to maximize successful infections and serve as a platform to deliver malicious payloads such as Trojans, spyware, ransomware, and other malicious software. Most users will encounter EKs from visiting seemingly legitimate, high-traffic websites that either contain links to EKs embedded within malicious advertising (malvertising) or have malicious code hidden directly within the website itself. Malicious URLs linking to EKs are commonly distributed through spam email and spear-phishing campaigns.

How DO Exploit kits work?

Contact - the victim accesses a link that connects to an EK server (i.e. from a malicious ad, compromised website, or email hyperlink).

Redirect - the victim is filtered based on a set of criteria specified by the EK attacker, such as the IP address or browser type, and redirected to the server that hosts the EK, and then delivers them to the landing page that will determine what vulnerabilities to exploit.

Exploit - once the vulnerabilities are identified, the EK server downloads the exploit files to target the appropriate applications.

Infect - once the vulnerabilities are exploited, the attacker downloads and executes malware on the victim’s machine, often a banking Trojan or ransomware.

Read Threat Analysis

download threat profile

Exploit kits Mitigation strategies

The constantly evolving nature of exploit kits underscores the need for a progressive and proactive cybersecurity posture - one that equally addresses the vulnerabilities and exploits of people, processes, and technology. Click below for some mitigation strategies to help defend against EKs:

Recommendations

REPORTING

If your organization is the victim of an Exploit Kit attack, or would like to learn more about the NJCCIC, please contact a Cyber Liaison Officer at njccic@cyber.nj.gov.