This exploit kit was discovered in August 2018 and takes advantage of flaws in Adobe Flash Player and Microsoft Windows. A successful infection will allow the attacker to download additional malware onto the victim's computer.
This campaign reuses a portion of code from the Seasalt implant (circa 2010) that is linked to the Chinese hacking group Comment Crew. Oceansalt appears to have been part of a well-focused operation targeting South Korea, the United States, and Canada.
This exploit kit is used to create malicious Microsoft Office documents in an attempt to exploit a range of Microsoft vulnerabilities. The builder is sold on the Dark Web and has been used to infect victims with various malware including FormBook, Loki Bot, Trickbot, and Chthonic.
This ransomware uses AES encryption and adds various extensions to infected files. In November 2017 it was discovered that the Necurs botnet was used to spread the malicious software. Multiple variants of the ransomware continue to appear on the threat landscape.
This ransomware appends random extensions to encrypted files and directs the victim to an HTML file for instructions on how to decrypt infected files. The threat actor demands $800 in either bitcoin or DASH for the decryption key. GandCrab 5 also scans network shares and mapped drives to find files to encrypt. The threat actors behind the ransomware use a variety of infection vectors including PowerShell, botnets, exploit kits, Trojanized programs, spear phishing, and remote desktop.