Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Top 10 Exploit Kits

| Exploit Kit | Description |
| --- | --- |
| SofosFO/Stamp Exploit Kit | The exploit kit, also known as GrandSoft, uses compromised websites to infect users by exploiting browser vulnerabilities involving Flash or Java components. It is used to infect victims with ransomware, miners, and various Trojans. |
| Neutrino Exploit Kit | Neutrino and its predecessor Neutrino-v are popular exploit kits that surged in mid-2016. They are known for using compromised sites and malvertising to infect users with various malware. |
| Empire Pack Exploit Kit | The exploit kit, also referred to as RIG-E, surfaced in September 2016 and takes advantage of flaws in Microsoft and Adobe software. |
| Magnitude Exploit Kit | Also known as Popads, Magnitude is used in malvertising attacks to infect victims who visit compromised websites. |
| RIG Exploit Kit | RIG is spread via suspicious advertisements that have been inserted into legitimate websites. The VIP version of the exploit kit, RIG-v, appeared in 2016 and uses new URL patterns. |
| Terror Exploit Kit | The exploit kit was discovered in late 2016, and its codebase comes from the Sundown exploit kit. Its main focus is to turn infected systems into miners for the Monero cryptocurrency. |
| Nebula Exploit Kit | Nebula, a re-brand of the Sundown exploit kit, is available for rent by the day, week, or month on underground forums and offers support to both Russian- and English-speaking customers. |
| Bizarro Sundown Exploit Kit | The exploit kit, also known as GreenFlash, was first spotted in October of 2016 and is a predecessor to the Sundown exploit kit. The private EK is only used by the ShadowGate group (aka WordsJS). |
| Nuclear Exploit Kit | Nuclear is a popular kit using the malware-as-a-service business model. In 2016 researchers speculated that it makes around $100,000 per year. |
| ThreadKit Exploit Kit | The exploit kit is used to create malicious Microsoft Office documents in an attempt to exploit a range of Microsoft vulnerabilities. The builder is sold on the Dark Web and has been used to infect victims with various malware including FormBook, Loki Bot, Trickbot, and Chthonic. |