Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Exploit Kits

| Exploit Kit | Description |
| --- | --- |
| Neutrino Exploit Kit | Neutrino and its predecessor Neutrino-v are popular exploit kits that surged in mid-2016. They are known for using compromised sites and malvertising to infect users with various malware. |
| Magnitude Exploit Kit | Also known as Popads, Magnitude is used in malvertising attacks to infect victims who visit compromised websites. The exploit kit is known to infect users with a range of ransomware, with a focus on users in South Korea. |
| ThreadKit Exploit Kit | The exploit kit is used to create malicious Microsoft Office documents in an attempt to exploit a range of Microsoft vulnerabilities. The builder is sold on the Dark Web and has been used to infect victims with various malware including FormBook, Loki Bot, Trickbot, and Chthonic. |
| Underminer Exploit Kit | The exploit kit protects its own exploit code and C2 traffic with RSA encryption and takes advantage of flaws in Microsoft Internet Explorer and Adobe Flash Player to infect users with a range of malware including crypto-miners and bootkits. |
| Fallout Exploit Kit | The exploit kit was discovered in August 2018 and takes advantage of flaws in Adobe Flash Player and Microsoft Windows. A successful infection will allow the attacker to download additional malware onto the victim's computer. |
| Spelevo Exploit Kit | The exploit kit was discovered in early 2019 and exploits a flaw in Adobe Flash Player to drop the GootKit Trojan. A Microsoft Windows scheduled task is created during infection to make the payload persistent. |
| Radio Exploit Kit | The exploit kit was discovered in mid-2019 and is currently only taking advantage of a flaw in Microsoft Windows to deliver malware. The exploit kit is not as advanced as others on the threat landscape but continues to grow. |
| Capesand Exploit Kit | The exploit kit targets vulnerabilities in Adobe Flash Player and Microsoft Internet Explorer, and any threat actor can download and use the front-end source code on their own servers. Capesand differs from other exploit kits in that the exploits are not included with the source code; instead, the kit must request the exploit through an API request to the Capesand server. |
| Bottle Exploit Kit | The exploit kit was discovered in late 2019 and targets vulnerabilities in Adobe Flash Player and the VBScript engine in Microsoft Windows. The EK only targets Japanese users and redirects victims to a malicious landing page through malvertising campaigns. |
| Purple Fox Exploit Kit | The Purple Fox exploit kit was discovered in mid-2019 and continues to evolve and add additional vulnerabilities to its arsenal. The exploit kit uses steganography, virtualization methods, PowerShell, and obfuscation to stay under the radar of security tools and to make analysis more difficult. |