{"id":15309,"date":"2019-05-14T09:10:12","date_gmt":"2019-05-14T17:10:12","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/05\/14\/news-9058\/"},"modified":"2019-05-14T09:10:12","modified_gmt":"2019-05-14T17:10:12","slug":"news-9058","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/05\/14\/news-9058\/","title":{"rendered":"Exploit kits: spring 2019 review"},"content":{"rendered":"<p><strong>Credit to Author: J\u00e9r\u00f4me Segura| Date: Tue, 14 May 2019 15:57:05 +0000<\/strong><\/p>\n<p>Exploit kit activity remains fairly unchanged since our last <a rel=\"noreferrer noopener\" aria-label=\"winter review (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/02\/exploit-kits-winter-2019-review\/\" target=\"_blank\">winter review<\/a> in terms of active distribution campaigns. But this spring edition will feature a new exploit kit and another atypical EK, in that it specifically goes after routers.<\/p>\n<p>The main drivers behind these drive-by download attacks are various malvertising chains with strong geolocation filtering. 
This explains why some exploit kits will be less visible than others.<\/p>\n<p>According to our telemetry, the US is by far the country most affected by exploit kits, while Spain and South Korea are leading in Europe and Asia, respectively.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/pie_chart.png\" data-rel=\"lightbox-0\" title=\"\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"38580\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/05\/exploit-kits-spring-2019-review\/attachment\/pie_chart\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/pie_chart.png\" data-orig-size=\"1316,876\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"pie_chart\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/pie_chart-300x200.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/pie_chart-600x399.png\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/pie_chart.png\" alt=\"\" class=\"wp-image-38580\" width=\"573\" height=\"382\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/pie_chart.png 1316w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/pie_chart-300x200.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/pie_chart-600x399.png 600w\" sizes=\"auto, (max-width: 573px) 100vw, 573px\" 
\/><\/a><\/figure>\n<\/div>\n<h3>Spring 2019 overview<\/h3>\n<ul>\n<li>Spelevo EK<\/li>\n<li>Fallout EK<\/li>\n<li>Magnitude EK<\/li>\n<li>RIG EK<\/li>\n<li>Underminer EK<\/li>\n<li>Router EK<\/li>\n<\/ul>\n<h3>Vulnerabilities<\/h3>\n<p>Internet Explorer&#8217;s <a rel=\"noreferrer noopener\" href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/05\/internet-explorer-zero-day-browser-attack\/\" target=\"_blank\">CVE-2018-8174<\/a> and Flash Player\u2019s <a rel=\"noreferrer noopener\" href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2018\/12\/new-flash-player-zero-day-used-russian-facility\/\" target=\"_blank\">CVE-2018-15982<\/a> are the most common vulnerabilities, while the older <a rel=\"noreferrer noopener\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/02\/new-flash-player-zero-day-comes-inside-office-document\/\" target=\"_blank\">CVE-2018-4878<\/a> (Flash) is still used by some EKs.<\/p>\n<h3>Spelevo EK<\/h3>\n<p>Spelevo EK is a new exploit kit that was <a rel=\"noreferrer noopener\" aria-label=\"identified (opens in a new tab)\" href=\"https:\/\/twitter.com\/kafeine\/status\/1103649040800145409\" target=\"_blank\">identified<\/a> in March 2019 and features the most recent Flash exploit (CVE-2018-15982). 
Based on our internal tests, Spelevo&#8217;s Flash exploit will check for and avoid virtual machines before delivering its payload.<\/p>\n<figure class=\"wp-block-image\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Spelevo_EK.png\" data-rel=\"lightbox-1\" title=\"\"><img decoding=\"async\" data-attachment-id=\"38559\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/05\/exploit-kits-spring-2019-review\/attachment\/spelevo_ek\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Spelevo_EK.png\" data-orig-size=\"676,751\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Spelevo_EK\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Spelevo_EK-270x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Spelevo_EK-540x600.png\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Spelevo_EK.png\" alt=\"\" class=\"wp-image-38559\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Spelevo_EK.png 676w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Spelevo_EK-270x300.png 270w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Spelevo_EK-540x600.png 540w\" sizes=\"(max-width: 676px) 100vw, 676px\" \/><\/a><\/figure>\n<p>Payloads seen: PsiX Bot, IcedID <\/p>\n<h3>Fallout EK<\/h3>\n<p>Fallout EK is one of the more active exploit kits with some of the more intricate URI patterns. 
For a while, Fallout was loading its IE exploit <a rel=\"noreferrer noopener\" aria-label=\"via a GitHub PoC (opens in a new tab)\" href=\"https:\/\/twitter.com\/nao_sec\/status\/1100931219242442752\" target=\"_blank\">via a GitHub PoC<\/a>, but it eventually switched back to <a rel=\"noreferrer noopener\" aria-label=\"self-hosting it (opens in a new tab)\" href=\"https:\/\/twitter.com\/EKFiddle\/status\/1116134534989238272\" target=\"_blank\">self-hosting<\/a>.<\/p>\n<figure class=\"wp-block-image\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/FalloutEK.png\" data-rel=\"lightbox-2\" title=\"\"><img decoding=\"async\" data-attachment-id=\"38562\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/05\/exploit-kits-spring-2019-review\/attachment\/falloutek-2\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/FalloutEK.png\" data-orig-size=\"675,803\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"FalloutEK\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/FalloutEK-252x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/FalloutEK-504x600.png\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/FalloutEK.png\" alt=\"\" class=\"wp-image-38562\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/FalloutEK.png 675w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/FalloutEK-252x300.png 252w, 
https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/FalloutEK-504x600.png 504w\" sizes=\"(max-width: 675px) 100vw, 675px\" \/><\/a><\/figure>\n<p>Payloads seen: GandCrab, Raccoon Stealer, <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/04\/say-hello-baldr-new-stealer-market\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Baldr (opens in a new tab)\">Baldr<\/a><\/p>\n<h3>Magnitude EK<\/h3>\n<p>Not a lot has changed for Magnitude EK during the past few months, as it continues to target a few Asia Pacific (APAC) countries, and exclusively drops its own Magniber ransomware.<\/p>\n<figure class=\"wp-block-image\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Magnitude_EK.png\" data-rel=\"lightbox-3\" title=\"\"><img decoding=\"async\" data-attachment-id=\"38563\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/05\/exploit-kits-spring-2019-review\/attachment\/magnitude_ek-6\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Magnitude_EK.png\" data-orig-size=\"677,813\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Magnitude_EK\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Magnitude_EK-250x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Magnitude_EK-500x600.png\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Magnitude_EK.png\" alt=\"\" class=\"wp-image-38563\" 
srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Magnitude_EK.png 677w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Magnitude_EK-250x300.png 250w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Magnitude_EK-500x600.png 500w\" sizes=\"(max-width: 677px) 100vw, 677px\" \/><\/a><\/figure>\n<p>Payload seen: <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2017\/10\/magniber-ransomware-exclusively-for-south-koreans\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Magniber ransomware (opens in a new tab)\">Magniber ransomware<\/a><\/p>\n<h3>RIG EK<\/h3>\n<p>RIG EK is also one of the popular exploit kits enjoying a wide distribution via malvertising campaigns, such as Fobos. RIG still uses Flash&#8217;s CVE-2018-4878, which comes with its own artifacts.<\/p>\n<figure class=\"wp-block-image\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/RIGEK.png\" data-rel=\"lightbox-4\" title=\"\"><img decoding=\"async\" data-attachment-id=\"38565\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/05\/exploit-kits-spring-2019-review\/attachment\/rigek-3\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/RIGEK.png\" data-orig-size=\"673,772\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"RIGEK\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/RIGEK-262x300.png\" 
data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/RIGEK-523x600.png\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/RIGEK.png\" alt=\"\" class=\"wp-image-38565\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/RIGEK.png 673w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/RIGEK-262x300.png 262w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/RIGEK-523x600.png 523w\" sizes=\"(max-width: 673px) 100vw, 673px\" \/><\/a><\/figure>\n<p>Payloads seen: AZORult, Pitou, <a rel=\"noreferrer noopener\" aria-label=\"ElectrumDoSMiner (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/04\/electrum-ddos-botnet-reaches-152000-infected-hosts\/\" target=\"_blank\">ElectrumDoSMiner<\/a><\/p>\n<h3>Underminer EK<\/h3>\n<p>Underminer EK is distinct from its counterparts for its overkill obfuscation of Internet Explorer and Flash exploits, but more importantly for its unorthodox <a rel=\"noreferrer noopener\" aria-label=\"Hidden Bee (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/07\/hidden-bee-miner-delivered-via-improved-drive-by-download-toolkit\/\" target=\"_blank\">Hidden Bee<\/a> payload.<\/p>\n<figure class=\"wp-block-image\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Underminer_EK.png\" data-rel=\"lightbox-5\" title=\"\"><img decoding=\"async\" data-attachment-id=\"38566\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/05\/exploit-kits-spring-2019-review\/attachment\/underminer_ek-3\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Underminer_EK.png\" data-orig-size=\"676,752\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Underminer_EK\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Underminer_EK-270x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Underminer_EK-539x600.png\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Underminer_EK.png\" alt=\"\" class=\"wp-image-38566\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Underminer_EK.png 676w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Underminer_EK-270x300.png 270w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/Underminer_EK-539x600.png 539w\" sizes=\"(max-width: 676px) 100vw, 676px\" \/><\/a><\/figure>\n<p>Payload seen: <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/07\/hidden-bee-miner-delivered-via-improved-drive-by-download-toolkit\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Hidden Bee (opens in a new tab)\">Hidden Bee<\/a><\/p>\n<h3>Router EK<\/h3>\n<p>Router exploit kits are not new (see <a rel=\"noreferrer noopener\" aria-label=\"DNSChanger EK (opens in a new tab)\" href=\"https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/home-routers-under-attack-malvertising-windows-android-devices\" target=\"_blank\">DNSChanger EK<\/a>), but they are quite dangerous, as they are part of drive-by attacks that alter your router&#8217;s DNS settings via cross-site request forgery (CSRF). 
The particular <a rel=\"noreferrer noopener\" aria-label=\"one (opens in a new tab)\" href=\"https:\/\/twitter.com\/david_jursa\/status\/1119573958095974400\" target=\"_blank\">one<\/a> we show here (<a rel=\"noreferrer noopener\" href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/new-exploit-kit-novidade-found-targeting-home-and-soho-routers\/\" target=\"_blank\">Novidade<\/a>) targets Brazilian users. The end goal is typically to redirect users to phishing websites with victims being none the wiser.<\/p>\n<figure class=\"wp-block-image\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/RouterEK.png\" data-rel=\"lightbox-6\" title=\"\"><img decoding=\"async\" data-attachment-id=\"38568\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/05\/exploit-kits-spring-2019-review\/attachment\/routerek\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/RouterEK.png\" data-orig-size=\"676,1735\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"RouterEK\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/RouterEK-117x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/RouterEK-234x600.png\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/RouterEK.png\" alt=\"\" class=\"wp-image-38568\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/RouterEK.png 676w, 
https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/RouterEK-117x300.png 117w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/RouterEK-234x600.png 234w\" sizes=\"(max-width: 676px) 100vw, 676px\" \/><\/a><\/figure>\n<p>Payload seen: DNS changer<\/p>\n<h3>Mitigation<\/h3>\n<p>Malwarebytes users are protected against these exploit kits, thanks to our anti-exploit and web protection technologies. The animation below features Malwarebytes Endpoint Protection and Response, one of our <a rel=\"noreferrer noopener\" aria-label=\"business product (opens in a new tab)\" href=\"https:\/\/www.malwarebytes.com\/business\/\" target=\"_blank\">business products<\/a>, and shows how it blocks each of these attacks.<\/p>\n<figure class=\"wp-block-image\"><a href=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/ek_spring_2019.gif\" data-rel=\"lightbox-7\" title=\"\"><img decoding=\"async\" data-attachment-id=\"38574\" data-permalink=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/05\/exploit-kits-spring-2019-review\/attachment\/ek_spring_2019\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/ek_spring_2019.gif\" data-orig-size=\"889,719\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"ek_spring_2019\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/ek_spring_2019-300x243.gif\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/ek_spring_2019-600x485.gif\" 
src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/05\/ek_spring_2019.gif\" alt=\"\" class=\"wp-image-38574\"\/><\/a><\/figure>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/05\/exploit-kits-spring-2019-review\/\">Exploit kits: spring 2019 review<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/05\/exploit-kits-spring-2019-review\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: J\u00e9r\u00f4me Segura| Date: Tue, 14 May 2019 15:57:05 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/05\/exploit-kits-spring-2019-review\/' title='Exploit kits: spring 2019 review'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2018\/06\/shutterstock_1033292395-3.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>In this edition, we review active and unique exploit kits hitting consumers and businesses over the spring season.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/threat-analysis\/exploits-threat-analysis\/\" rel=\"category tag\">Exploits<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/threat-analysis\/\" rel=\"category tag\">Threat analysis<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/eks\/\" rel=\"tag\">EKs<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/exploit-kits\/\" rel=\"tag\">exploit kits<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/fallout\/\" rel=\"tag\">Fallout<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/magnitude\/\" rel=\"tag\">Magnitude<\/a><a 
href=\"https:\/\/blog.malwarebytes.com\/tag\/rig\/\" rel=\"tag\">RIG<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/router-ek\/\" rel=\"tag\">Router EK<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/spelevo\/\" rel=\"tag\">Spelevo<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/underminer\/\" rel=\"tag\">Underminer<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/05\/exploit-kits-spring-2019-review\/' title='Exploit kits: spring 2019 review'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2019\/05\/exploit-kits-spring-2019-review\/\">Exploit kits: spring 2019 review<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[11787,10528,10987,19945,7871,11589,21790,21791,10494,19148],"class_list":["post-15309","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-eks","tag-exploit-kits","tag-exploits","tag-fallout","tag-magnitude","tag-rig","tag-router-ek","tag-spelevo","tag-threat-analysis","tag-underminer"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15309","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":
"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15309"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15309\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15309"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15309"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15309"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}