Bingo EK is the name chosen by the defense for a Fiesta-ish EK first spotted in March 2017 and targetting at that times mostly Russia
+Terror EK is built on Hunter, Sundown and RIG EK code
@@ -623,19 +629,9 @@ Exploit-Kit is a cluster galaxy available in JSON format at -Hunter EK is an evolution of 3Ros EK
-Hunter is also known as:
-3ROS Exploit Kit
-Disdain EK has been introduced on underground forum on 2017-08-07. The panel is stolen from Sundown, the pattern are Terror alike and the obfuscation reminds Nebula
Neutrino Exploit Kit has been one of the major exploit kit from its launch in 2013 till september 2016 when it become private (defense name for this variation is Neutrino-v). This EK vanished from march 2014 till november 2014.
-Neutrino is also known as:
-Job314
-Neutrino Rebooted
-Neutrino-v
-Links |
-
http://malware.dontneedcoffee.com/2013/03/hello-neutrino-just-one-more-exploit-kit.html |
-
http://malware.dontneedcoffee.com/2014/11/neutrino-come-back.html |
-
RIG is an exploit kit that takes its source in Infinity EK itself an evolution of Redkit. It became dominant after the fall of Angler, Nuclear Pack and the end of public access to Neutrino. RIG-v is the name given to RIG 4 when it was only accessible by "vip" customers and when RIG 3 was still in use.
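Review bot: The removed Disdain EK description (the "-Disdain EK has been introduced on underground forum on 2017-08-07 ..." line) has no matching "+" line in any hunk shown here, unlike the Hunter and Neutrino alias blocks, which reappear further down. If this change only reorders entries, confirm that the Disdain entry is still emitted. If it was dropped on purpose, say so in the commit message.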
@@ -814,7 +771,7 @@ Exploit-Kit is a cluster galaxy available in JSON format at -Sundown-P/Sundown-Pirate is a rip of Sundown seen used in a private way (One group using it only) - First spotted at the end of June 2017, branded as CaptainBlack in August 2017
+Sundown-P is also known as:
+Sundown-Pirate
+CaptainBlack
+Links |
+
+ |
Bizarro Sundown appears to be a fork of Sundown with added anti-analysis features
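Review bot: The Links row added for Sundown-P is empty (the "+ |" line right after "+Links |"), so the rendered entry gets a Links header with no reference under it. Add a source for the June 2017 sighting and the CaptainBlack branding, or omit the Links row when there is nothing to list.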
@@ -894,6 +884,36 @@ Exploit-Kit is a cluster galaxy available in JSON format at +Hunter EK is an evolution of 3Ros EK
+Hunter is also known as:
+3ROS Exploit Kit
+Links |
+
+ |
GreenFlash Sundown is a variation of Bizarro Sundown without landing
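Review bot: The Hunter block spells the predecessor two ways, "3Ros EK" in the description line and "3ROS Exploit Kit" in the alias line, which makes exact-match lookups on the alias unreliable. Pick one casing and use it in both places. The Links cell added here is also blank and should carry a reference or be left out.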
@@ -909,7 +929,7 @@ Exploit-Kit is a cluster galaxy available in JSON format at -Neutrino Exploit Kit has been one of the major exploit kit from its launch in 2013 till september 2016 when it become private (defense name for this variation is Neutrino-v). This EK vanished from march 2014 till november 2014.
+Neutrino is also known as:
+Job314
+Neutrino Rebooted
+Neutrino-v
+Links |
+
http://malware.dontneedcoffee.com/2013/03/hello-neutrino-just-one-more-exploit-kit.html |
+
http://malware.dontneedcoffee.com/2014/11/neutrino-come-back.html |
+
Niteris was used mainly to target Russian.
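Review bot: "Neutrino-v" is listed under "Neutrino is also known as:" although the description defines it as the defense name for the private variation from September 2016, so it is a variant rather than a synonym of the whole kit. Consider keeping it out of the alias list, or noting in the description that the alias covers only that period. The description could also fix "when it become private" to "when it became private" while this entry is being touched.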
@@ -1417,7 +1476,7 @@ Exploit-Kit is a cluster galaxy available in JSON format at -WhiteHole Exploit Kit appeared in January 2013 in the tail of the CVE-2013-0422
+Links |
+
http://malware.dontneedcoffee.com/2013/02/briefly-wave-whitehole-exploit-kit-hello.html |
+
Unknown Exploit Kit. This is a place holder for any undocumented Exploit Kit. If you use this tag, we will be more than happy to give the associated EK a deep look.
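Review bot: In the WhiteHole description, "in the tail of the CVE-2013-0422" does not say how the kit relates to that CVE. State the relation explicitly, for example whether the kit carried an exploit for it or only appeared after its disclosure, so the entry can be read without opening the linked post.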