{"id":13660,"date":"2018-10-24T09:10:08","date_gmt":"2018-10-24T17:10:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/10\/24\/news-7427\/"},"modified":"2018-10-24T09:10:08","modified_gmt":"2018-10-24T17:10:08","slug":"news-7427","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/10\/24\/news-7427\/","title":{"rendered":"Exploit kits: fall 2018 review"},"content":{"rendered":"<p><strong>Credit to Author: J\u00e9r\u00f4me Segura| Date: Wed, 24 Oct 2018 16:10:54 +0000<\/strong><\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/glossary\/exploit-kit\/\" target=\"_blank\" rel=\"noopener\">Exploit kit<\/a>\u00a0(EK) activity continues to surprise us as the weather cools, the leaves change, and we move into the fall of 2018. Indeed, shortly after our <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/08\/exploit-kits-summer-2018-review\/\" target=\"_blank\" rel=\"noopener\">summer review<\/a>, a new exploit kit was discovered, and\u00a0while no new vulnerabilities were added to the current EKs, several malvertising chains are still going strong.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2016\/08\/smoke-loader-downloader-with-a-smokescreen-still-alive\/\" target=\"_blank\" rel=\"noopener\">Smoke Loader<\/a>, <a href=\"https:\/\/blog.malwarebytes.com\/detections\/worm-ramnit\/\" target=\"_blank\" rel=\"noopener\">Ramnit<\/a>, and AZORult are some of the most common payloads we&#8217;ve observed in the last few months\u2014particularly in Japan and Canada. 
The geo-targeted exploit kits such as Magnitude EK continue to predominantly affect South Korea and Taiwan.<\/p>\n<p>Another interesting trend as of late is a decrease in <a href=\"https:\/\/blog.malwarebytes.com\/glossary\/cryptomining\/\" target=\"_blank\" rel=\"noopener\">cryptomining<\/a> payloads and an increase in ransomware drops instead, mostly via the Fallout and RIG EKs.<\/p>\n<h3>Fall 2018 EK overview<\/h3>\n<ul>\n<li>Fallout EK<\/li>\n<li>RIG EK<\/li>\n<li>GrandSoft EK<\/li>\n<li>Magnitude EK<\/li>\n<li>Underminer EK<\/li>\n<\/ul>\n<p>Internet Explorer\u2019s\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/05\/internet-explorer-zero-day-browser-attack\/\" target=\"_blank\" rel=\"noopener\">CVE-2018-8174<\/a>\u00a0and Flash\u2019s\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/02\/new-flash-player-zero-day-comes-inside-office-document\/\" target=\"_blank\" rel=\"noopener\">CVE-2018-4878<\/a>\u00a0continue to be the most relied upon vulnerabilities.<\/p>\n<h3>Fallout EK<\/h3>\n<p>Fallout EK, <a href=\"https:\/\/www.nao-sec.org\/2018\/09\/hello-fallout-exploit-kit.html\" target=\"_blank\" rel=\"noopener\">discovered by team nao_sec<\/a>, is the newest exploit kit which takes its name and URI patterns from the defunct Nuclear EK. Fallout EK has diverse campaigns that are not limited to a particular geographic location and therefore could be seen as a direct rival to RIG EK. 
Due to its constantly changing and complex URI paths, Fallout EK stands out from its counterparts.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/FalloutEK.png\" data-rel=\"lightbox-0\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"25999\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/10\/exploit-kits-fall-2018-review\/attachment\/falloutek\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/FalloutEK.png\" data-orig-size=\"708,690\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"FalloutEK\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/FalloutEK-300x292.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/FalloutEK-600x585.png\" class=\"size-full wp-image-25999 alignnone\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/FalloutEK.png\" alt=\"\" width=\"708\" height=\"690\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/FalloutEK.png 708w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/FalloutEK-300x292.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/FalloutEK-600x585.png 600w\" sizes=\"auto, (max-width: 708px) 100vw, 708px\" \/><\/a><\/p>\n<p>The payload in this sequence is <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/01\/gandcrab-ransomware-distributed-by-rig-and-grandsoft-exploit-kits\/\" target=\"_blank\" rel=\"noopener\">GandCrab 
ransomware<\/a>.<\/p>\n<pre>229BD13628C1AE3E84A9C7860617B836ACCDE4D932D2A2DC9DB64E78C211DA41<\/pre>\n<h3>RIG EK<\/h3>\n<p>Not much has changed with RIG EK in recent times, but since the arrival of its new competitor, Fallout EK, our telemetry shows its usage has slowly declined in the past quarter.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/RIGEK.png\" data-rel=\"lightbox-1\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"26000\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/10\/exploit-kits-fall-2018-review\/attachment\/rigek-2\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/RIGEK.png\" data-orig-size=\"707,705\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"RIGEK\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/RIGEK-300x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/RIGEK-600x598.png\" class=\"size-full wp-image-26000 alignnone\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/RIGEK.png\" alt=\"\" width=\"707\" height=\"705\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/RIGEK.png 707w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/RIGEK-150x150.png 150w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/RIGEK-300x300.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/RIGEK-600x598.png 600w\" sizes=\"auto, (max-width: 
707px) 100vw, 707px\" \/><\/a><\/p>\n<p>The payload in this sequence is Kraken ransomware.<\/p>\n<pre>2F5DEC0A8E1DA5F23B818D48EFB0B9B7065023D67C617A78CD8B14808A79C0DC<\/pre>\n<h3>GrandSoft EK<\/h3>\n<p>GrandSoft EK is a little less common than the other EKs that we track. Some of its delivery chains include compromised websites acting as an intermediary gate. Thanks to team nao_sec for sharing some recent traffic.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/GrandSoftEK.png\" data-rel=\"lightbox-2\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"26002\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/10\/exploit-kits-fall-2018-review\/attachment\/grandsoftek\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/GrandSoftEK.png\" data-orig-size=\"678,706\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"GrandSoftEK\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/GrandSoftEK-288x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/GrandSoftEK-576x600.png\" class=\"alignnone size-full wp-image-26002\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/GrandSoftEK.png\" alt=\"\" width=\"678\" height=\"706\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/GrandSoftEK.png 678w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/GrandSoftEK-288x300.png 288w, 
https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/GrandSoftEK-576x600.png 576w\" sizes=\"auto, (max-width: 678px) 100vw, 678px\" \/><\/a><\/p>\n<p>The payload in this sequence is the Ramnit banker.<\/p>\n<pre>6FDA89FBB9FD66EE929665E376077E07C1BD2AF2D91C63148A7F5E818E4D27B2<\/pre>\n<h3>Magnitude EK<\/h3>\n<p>Magnitude EK continues to faithfully deliver its own brand of ransomware to targeted countries, such as South Korea and Taiwan. It is one of the rare exploit kits that uses a truly fileless payload, which makes its extraction to disk a challenge.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/MagnitudeEK.png\" data-rel=\"lightbox-3\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"26001\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/10\/exploit-kits-fall-2018-review\/attachment\/magnitudeek-2\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/MagnitudeEK.png\" data-orig-size=\"678,724\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"MagnitudeEK\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/MagnitudeEK-281x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/MagnitudeEK-562x600.png\" class=\"size-full wp-image-26001 alignnone\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/MagnitudeEK.png\" alt=\"\" width=\"678\" height=\"724\" 
srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/MagnitudeEK.png 678w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/MagnitudeEK-281x300.png 281w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/MagnitudeEK-562x600.png 562w\" sizes=\"auto, (max-width: 678px) 100vw, 678px\" \/><\/a><\/p>\n<p>The payload in this sequence is Magniber ransomware (extracted with <a href=\"https:\/\/twitter.com\/hasherezade\" target=\"_blank\" rel=\"noopener\">@hasherezade<\/a>&#8216;s <a href=\"https:\/\/github.com\/hasherezade\/hollows_hunter\" target=\"_blank\" rel=\"noopener\">hollows_hunter<\/a>).<\/p>\n<pre>F229AE5F68C72E678D4D706CE84ABFCCC983A299E39BEBCD990AECE7E3F97D71<\/pre>\n<h3>Underminer EK<\/h3>\n<p>We spotted Underminer EK a few times during the past quarter. This exploit kit is unique because its payload delivery, a bootkit, is vastly different from any other EK.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/UnderminerEK.png\" data-rel=\"lightbox-4\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"26003\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/10\/exploit-kits-fall-2018-review\/attachment\/underminerek\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/UnderminerEK.png\" data-orig-size=\"677,927\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"UnderminerEK\" data-image-description=\"\" 
data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/UnderminerEK-219x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/UnderminerEK-438x600.png\" class=\"alignnone size-full wp-image-26003\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/UnderminerEK.png\" alt=\"\" width=\"677\" height=\"927\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/UnderminerEK.png 677w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/UnderminerEK-219x300.png 219w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/UnderminerEK-438x600.png 438w\" sizes=\"auto, (max-width: 677px) 100vw, 677px\" \/><\/a><\/p>\n<p>The payload in this sequence is a bootkit infector.<\/p>\n<h3>Mitigation<\/h3>\n<p>As always, it is important to keep systems up-to-date and reduce the attack surface whenever possible. The current vulnerabilities used by the above exploit kits have already been patched by their respective vendors.<\/p>\n<p>Malwarebytes&#8217; <a href=\"https:\/\/www.malwarebytes.com\/business\/endpointprotectionandresponse\/?utm_source=digital&amp;utm_medium=blog&amp;utm_campaign=q3fy19\" target=\"_blank\" rel=\"noopener\">application hardening protection layer<\/a> blocks these EKs before they even get a chance to drop their payloads.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/EKs_fall_2018.gif\" data-rel=\"lightbox-5\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"26043\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/10\/exploit-kits-fall-2018-review\/attachment\/eks_fall_2018\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/EKs_fall_2018.gif\" data-orig-size=\"1045,688\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"EKs_fall_2018\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/EKs_fall_2018-300x198.gif\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/EKs_fall_2018-600x395.gif\" class=\"alignnone size-full wp-image-26043\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/EKs_fall_2018.gif\" alt=\"\" width=\"1045\" height=\"688\" \/><\/a><\/p>\n<h3>Extended shelf life<\/h3>\n<p>The recent addition of Fallout EK has given exploit kits yet another extension on their otherwise limited shelf life by tapping into existing and new malvertising campaigns with a wider geographic focus.<\/p>\n<p>As 2019 comes closer, Internet Explorer is still offering opportunities for newer exploits yet to be weaponized, but we could see other browsers such as Edge gain some attention as well.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/10\/exploit-kits-fall-2018-review\/\">Exploit kits: fall 2018 review<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/10\/exploit-kits-fall-2018-review\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: J\u00e9r\u00f4me Segura| Date: Wed, 24 Oct 2018 16:10:54 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a 
href='https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/10\/exploit-kits-fall-2018-review\/' title='Exploit kits: fall 2018 review'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/10\/shutterstock_697076155-1.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>With a fresh exploit kit in town, the drive-by download landscape shows new signs of life in fall 2018.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/threat-analysis\/exploits-threat-analysis\/\" rel=\"category tag\">Exploits<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/threat-analysis\/\" rel=\"category tag\">Threat analysis<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/anti-exploit\/\" rel=\"tag\">anti exploit<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/azorult\/\" rel=\"tag\">AZORult<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ek\/\" rel=\"tag\">EK<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/eks\/\" rel=\"tag\">EKs<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/exploit-kit\/\" rel=\"tag\">exploit kit<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/exploit-kits\/\" rel=\"tag\">exploit kits<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/exploits\/\" rel=\"tag\">exploits<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/fallout\/\" rel=\"tag\">Fallout<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/fallout-ek\/\" rel=\"tag\">Fallout EK<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/grandsoft\/\" rel=\"tag\">grandsoft<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/grandsoft-ek\/\" rel=\"tag\">GrandSoft EK<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/magnitude\/\" rel=\"tag\">Magnitude<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/magnitude-ek\/\" rel=\"tag\">magnitude EK<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ramnit\/\" 
rel=\"tag\">ramnit<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/ramnit-trojan\/\" rel=\"tag\">Ramnit Trojan<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/rig\/\" rel=\"tag\">RIG<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/rig-ek\/\" rel=\"tag\">RIG EK<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/smoke-loader\/\" rel=\"tag\">smoke loader<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/smoke-loader-malware\/\" rel=\"tag\">Smoke Loader Malware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/underminer\/\" rel=\"tag\">Underminer<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/underminer-ek\/\" rel=\"tag\">Underminer EK<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/10\/exploit-kits-fall-2018-review\/' title='Exploit kits: fall 2018 review'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/10\/exploit-kits-fall-2018-review\/\">Exploit kits: fall 2018 review<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[11725,19944,10527,11787,10534,10528,10987,19945,19946,17365,19947,7871,13489,11691,16825,11589,11792,16768,17157,10494,19148,19948],"class_list":["post-13660","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-anti-exploit","tag-azorult","tag-ek","tag-eks","tag-exploit-kit","tag-exploit-kits","tag-exploits","tag-fallout","tag-fallout-ek","tag-grandsoft","tag-grandsoft-ek","tag-magnitude","tag-magnitude-ek","tag-ramnit","tag-ramnit-trojan","tag-rig","tag-rig-ek","tag-smoke-loader","tag-smoke-loader-malware","tag-threat-analysis","tag-underminer","tag-underminer-ek"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13660","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=13660"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13660\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=13660"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=13660"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=13660"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{r
el}","templated":true}]}}