diff --git a/clusters/exploit-kit.json b/clusters/exploit-kit.json index 69f08b32..c0cc8721 100644 --- a/clusters/exploit-kit.json +++ b/clusters/exploit-kit.json @@ -17,7 +17,7 @@ "http://malware.dontneedcoffee.com/2014/09/astrum-ek.html", "http://www.welivesecurity.com/2016/12/06/readers-popular-websites-targeted-stealthy-stegano-exploit-kit-hiding-pixels-malicious-ads/" ], - "status": "Active", + "status": "Retired - Last seen 2017-06-14", "synonyms": [ "Stegano EK" ] @@ -25,10 +25,39 @@ "uuid": "e9ca60cd-94fc-4a54-ac98-30e675a46b3e", "value": "Astrum" }, + { + "description": "Underminer EK is an exploit kit that seems to be used privately against users in Asia. Functionalities: browser profiling and filtering, preventing of client revisits, URL randomization, and asymmetric encryption of payloads.", + "meta": { + "refs": [ + "https://blog.trendmicro.com/trendlabs-security-intelligence/new-underminer-exploit-kit-delivers-bootkit-and-cryptocurrency-mining-malware-with-encrypted-tcp-tunnel/", + "http://bobao.360.cn/interref/detail/248.html" + ], + "status": "Active", + "synonyms": [ + "Underminer EK" + ] + }, + "uuid": "49492577-62dd-491d-95d4-92a47adbd98a", + "value": "Underminer" + }, + { + "description": "Fallout Exploit Kit appeared at the end of August 2018 as an updated Nuclear Pack featuring current exploits seen in competiting Exploit Kit.", + "meta": { + "refs": [ + "https://www.nao-sec.org/2018/09/hello-fallout-exploit-kit.html" + ], + "status": "Active", + "synonyms": [ + "Fallout" + ] + }, + "uuid": "1f05f646-5af6-4a95-825b-164f49616aa4", + "value": "Fallout" + }, { "description": "Bingo EK is the name chosen by the defense for a Fiesta-ish EK first spotted in March 2017 and targetting at that times mostly Russia", "meta": { - "status": "Active" + "status": "Retired - Last seen 2017-07-07" }, "uuid": "9e864c01-3d9e-4b8d-811e-46471ff866e9", "value": "Bingo" @@ -39,7 +68,7 @@ "refs": [ "https://www.trustwave.com/Resources/SpiderLabs-Blog/Terror-Exploit-Kit--More-like-Error-Exploit-Kit/" ], - "status": "Active", + "status": "Retired - Last seen 2017-11-11", "synonyms": [ "Blaze EK", "Neptune EK" @@ -56,7 +85,7 @@ "http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-ramps-up-spear-phishing-before-zero-days-get-patched/", "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/" ], - "status": "Active", + "status": "Retired - Last seen ", "synonyms": [ "Sednit RTF EK" ] @@ -228,7 +257,7 @@ "refs": [ "https://www.proofpoint.com/us/threat-insight/post/Hunter-Exploit-Kit-Targets-Brazilian-Banking-Customers" ], - "status": "Retired - Last seen 2017-02-06", + "status": "Active", "synonyms": [ "3ROS Exploit Kit" ] @@ -705,5 +734,5 @@ "value": "Unknown" } ], - "version": 8 + "version": 9 }