{"id":14572,"date":"2019-02-12T09:10:02","date_gmt":"2019-02-12T17:10:02","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/02\/12\/news-8322\/"},"modified":"2019-02-12T09:10:02","modified_gmt":"2019-02-12T17:10:02","slug":"news-8322","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/02\/12\/news-8322\/","title":{"rendered":"Exploit kits: winter 2019 review"},"content":{"rendered":"<p><strong>Credit to Author: J\u00e9r\u00f4me Segura| Date: Tue, 12 Feb 2019 16:00:00 +0000<\/strong><\/p>\n<p>Active malvertising campaigns in December and the new year have kept exploit kit activity from hibernating in winter 2019. We mostly observed Fallout and RIG with the occasional, limited GrandSoft appearance for wider geo-targeting.<\/p>\n<p>In addition, narrowly focused exploit kits such as Magnitude, Underminer, and GreenFlash Sundown stayed on the same track: delivering ransomware to mostly Asian countries, and South Korea in particular.<\/p>\n<h3>Winter 2019 overview<\/h3>\n<ul>\n<li>Fallout EK<\/li>\n<li>RIG EK<\/li>\n<li>GrandSoft EK<\/li>\n<li>Magnitude EK<\/li>\n<li>Underminer EK<\/li>\n<li>GreenFlash Sundown EK<\/li>\n<\/ul>\n<p>Internet Explorer\u2019s\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/05\/internet-explorer-zero-day-browser-attack\/\" target=\"_blank\" rel=\"noopener\">CVE-2018-8174<\/a>\u00a0and Flash\u2019s\u00a0<a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/02\/new-flash-player-zero-day-comes-inside-office-document\/\" target=\"_blank\" rel=\"noopener\">CVE-2018-4878<\/a>\u00a0continue to be the most common vulnerabilities across the board, even though a couple of exploit kits have now integrated the newer Flash <a href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2018\/12\/new-flash-player-zero-day-used-russian-facility\/\" target=\"_blank\" rel=\"noopener\">CVE-2018-15982<\/a>.<\/p>\n<h3>Fallout EK<\/h3>\n<p>Fallout keeps bringing fresh air into an otherwise 
stale atmosphere by introducing new <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/01\/improved-fallout-ek-comes-back-after-short-hiatus\/\" target=\"_blank\" rel=\"noopener\">features<\/a> and even adopting newer vulnerabilities. It also appears to be a good experimental framework for some actors who have customized the payload delivery. Fallout was the second exploit kit to add\u00a0<a href=\"https:\/\/malware.dontneedcoffee.com\/2019\/01\/CVE-2018-15982.html\" target=\"_blank\" rel=\"noopener\">CVE-2018-15982<\/a>, a more recent vulnerability for the Flash Player.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Fallout_EK_.png\" data-rel=\"lightbox-0\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"27125\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/02\/exploit-kits-winter-2019-review\/attachment\/fallout_ek_\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Fallout_EK_.png\" data-orig-size=\"666,670\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Fallout_EK_\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Fallout_EK_-298x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Fallout_EK_-596x600.png\" class=\"alignnone size-full wp-image-27125\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Fallout_EK_.png\" alt=\"\" width=\"666\" height=\"670\" 
srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Fallout_EK_.png 666w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Fallout_EK_-150x150.png 150w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Fallout_EK_-298x300.png 298w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Fallout_EK_-596x600.png 596w\" sizes=\"auto, (max-width: 666px) 100vw, 666px\" \/><\/a><\/p>\n<h3>RIG EK<\/h3>\n<p>Good old RIG is still kicking around, but has taken a back seat to the newer Fallout in many of the malvertising chains we track, except perhaps for <a href=\"https:\/\/malwarebreakdown.com\/2017\/08\/16\/fobos-campaign-using-rig-ek-to-drop-bunitu-trojan\/\">Fobos<\/a>. There haven&#8217;t been any notable changes to report since we last reviewed it.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/RIG_EK_.png\" data-rel=\"lightbox-1\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"27121\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/02\/exploit-kits-winter-2019-review\/attachment\/rig_ek_-2\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/RIG_EK_.png\" data-orig-size=\"667,689\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"RIG_EK_\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/RIG_EK_-290x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/RIG_EK_-581x600.png\" class=\"alignnone 
size-full wp-image-27121\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/RIG_EK_.png\" alt=\"\" width=\"667\" height=\"689\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/RIG_EK_.png 667w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/RIG_EK_-290x300.png 290w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/RIG_EK_-581x600.png 581w\" sizes=\"auto, (max-width: 667px) 100vw, 667px\" \/><\/a><\/p>\n<h3>GrandSoft EK<\/h3>\n<p>GrandSoft and its Ramnit payload still go hand-in-hand via limited distribution tied to compromised websites. It is perhaps one of the least sophisticated exploit kits on the market right now.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/GrandSoft_EK.png\" data-rel=\"lightbox-2\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"27124\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/02\/exploit-kits-winter-2019-review\/attachment\/grandsoft_ek-4\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/GrandSoft_EK.png\" data-orig-size=\"665,652\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"GrandSoft_EK\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/GrandSoft_EK-300x294.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/GrandSoft_EK-600x588.png\" class=\"alignnone size-full wp-image-27124\" 
src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/GrandSoft_EK.png\" alt=\"\" width=\"665\" height=\"652\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/GrandSoft_EK.png 665w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/GrandSoft_EK-300x294.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/GrandSoft_EK-600x588.png 600w\" sizes=\"auto, (max-width: 665px) 100vw, 665px\" \/><\/a><\/p>\n<h3>Magnitude EK<\/h3>\n<p>Meanwhile, Magnitude EK is active and served up via malvertising chains, with a focus on some APAC countries like South Korea. Magnitude continues to deliver its fileless Magniber ransomware payload.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Magnitude_EK_.png\" data-rel=\"lightbox-3\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"27123\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/02\/exploit-kits-winter-2019-review\/attachment\/magnitude_ek_-3\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Magnitude_EK_.png\" data-orig-size=\"668,709\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Magnitude_EK_\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Magnitude_EK_-283x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Magnitude_EK_-565x600.png\" class=\"alignnone size-full wp-image-27123\" 
src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Magnitude_EK_.png\" alt=\"\" width=\"668\" height=\"709\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Magnitude_EK_.png 668w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Magnitude_EK_-283x300.png 283w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Magnitude_EK_-565x600.png 565w\" sizes=\"auto, (max-width: 668px) 100vw, 668px\" \/><\/a><\/p>\n<h3>Underminer EK<\/h3>\n<p>Underminer&#8217;s over-the-top encryption schemes to hide its exploits are keeping us researchers honest when trying to identify exactly what is under the hood. It&#8217;s worth noting that only a few days after the Flash zero-day and Proof of Concept (PoC) had been published (<a href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2018\/12\/new-flash-player-zero-day-used-russian-facility\/\" target=\"_blank\" rel=\"noopener\">CVE-2018-15982<\/a>), Underminer was already <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/12\/underminer-exploit-kit-improves-latest-iteration\/\" target=\"_blank\" rel=\"noopener\">implementing<\/a>\u00a0it.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Underminer_EK.png\" data-rel=\"lightbox-4\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"27132\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/02\/exploit-kits-winter-2019-review\/attachment\/underminer_ek-2\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Underminer_EK.png\" data-orig-size=\"667,856\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Underminer_EK\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Underminer_EK-234x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Underminer_EK-468x600.png\" class=\"alignnone size-full wp-image-27132\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Underminer_EK.png\" alt=\"\" width=\"667\" height=\"856\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Underminer_EK.png 667w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Underminer_EK-234x300.png 234w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/Underminer_EK-468x600.png 468w\" sizes=\"auto, (max-width: 667px) 100vw, 667px\" \/><\/a><\/p>\n<h3>GreenFlash Sundown EK<\/h3>\n<p>Also a geo-specific exploit kit, GreenFlash Sundown has been delivering various breeds of ransomware to targets in Asia. 
In our latest capture, we saw it drop the Seon ransomware on South Korean users.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/GreenFlash_Sundown.png\" data-rel=\"lightbox-5\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"27146\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/02\/exploit-kits-winter-2019-review\/attachment\/greenflash_sundown\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/GreenFlash_Sundown.png\" data-orig-size=\"668,761\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"GreenFlash_Sundown\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/GreenFlash_Sundown-263x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/GreenFlash_Sundown-527x600.png\" class=\"alignnone size-full wp-image-27146\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/GreenFlash_Sundown.png\" alt=\"\" width=\"668\" height=\"761\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/GreenFlash_Sundown.png 668w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/GreenFlash_Sundown-263x300.png 263w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/GreenFlash_Sundown-527x600.png 527w\" sizes=\"auto, (max-width: 668px) 100vw, 668px\" \/><\/a><\/p>\n<h3>Mitigation<\/h3>\n<p>While timely patching and avoidance of Internet Explorer as a web browser would offer protection against the 
above-mentioned exploit kits, the reality is that many users (especially in corporate environments) are still trailing behind. In addition, while IE is being phased out in North America, it&#8217;s still highly adopted in Asian countries\u2014which explains why they are currently being targeted.<\/p>\n<p><a href=\"http:\/\/www.malwarebytes.com\" target=\"_blank\" rel=\"noopener\">Malwarebytes&#8217; anti-exploit technology<\/a> blocks each of these exploit kits\u2014Fallout, RIG, GrandSoft, Magnitude,\u00a0Underminer, and GreenFlash Sundown\u2014before they even have a chance to drop their payload.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"27152\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/02\/exploit-kits-winter-2019-review\/attachment\/replay_winter\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/replay_winter.gif\" data-orig-size=\"1079,825\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"replay_winter\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/replay_winter-300x229.gif\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/replay_winter-600x459.gif\" class=\"alignnone size-full wp-image-27152\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/replay_winter.gif\" alt=\"\" width=\"1079\" height=\"825\" \/><\/p>\n<p>As we move further into 2019, we can say that exploit kits, while nowhere near their peak activity in 2017, are still hanging on, being 
used primarily in malvertising distribution campaigns. In terms of global activity, Fallout is leading the charge, providing the most diverse campaigns and payloads. Meanwhile, the Asia-specific EKs are for the most part continuing on with their usual pattern of driving innovation (to a degree) and distributing ransomware.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/02\/exploit-kits-winter-2019-review\/\">Exploit kits: winter 2019 review<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: J\u00e9r\u00f4me Segura| Date: Tue, 12 Feb 2019 16:00:00 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/02\/exploit-kits-winter-2019-review\/' title='Exploit kits: winter 2019 review'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/02\/shutterstock_524011267.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>We review the top exploit kits in this winter 2019 snapshot.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/threat-analysis\/exploits-threat-analysis\/\" rel=\"category tag\">Exploits<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/threat-analysis\/\" rel=\"category tag\">Threat analysis<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/ek\/\" rel=\"tag\">EK<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/eks\/\" rel=\"tag\">EKs<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/exploit-kits\/\" rel=\"tag\">exploit kits<\/a><a 
href=\"https:\/\/blog.malwarebytes.com\/tag\/fallout\/\" rel=\"tag\">Fallout<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/magnitude\/\" rel=\"tag\">Magnitude<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/rig\/\" rel=\"tag\">RIG<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/sundown\/\" rel=\"tag\">sundown<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/underminer\/\" rel=\"tag\">Underminer<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/02\/exploit-kits-winter-2019-review\/' title='Exploit kits: winter 2019 review'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/02\/exploit-kits-winter-2019-review\/\">Exploit kits: winter 2019 review<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10527,11787,10528,10987,19945,7871,11589,10535,10494,19148],"class_list":["post-14572","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-ek","tag-eks","tag-exploit-kits","tag-exploits","tag-fallout","tag-magnitude","tag-rig","tag-sundown","tag-threat-analysis","tag-underminer"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14572","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/
index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14572"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14572\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14572"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14572"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14572"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}