ThreatSTOP Blog

Nebula EK: The Rising Exploit Kit Variant

Written by ThreatSTOP Security Team | March 27, 2017

 

Exploit Kits are continuously evolving. As one disappears, another may rise. One Exploit Kit (EK), Nebula, was recently discovered and reported by cyber researcher Kafeine.

Kafeine uncovered the leads of a previously known EK, Sundown, with slight deviations. Named Nebula EK, the one difference between these two Exploit Kits, as reported by Kafeine, is Nebula’s internal TDS. (TDS is a gate that is used to redirect visitors to various content)

This EK, similar to its predecessor, is capable of:

  • Automatic domain scanning and generating (99% FUD)
  • Exploit rate tested in different traffic
  • Knock rate tested with popular botnets
  • Custom domains & servers
  • Unlimited flows & files
  • And more

Malware-Traffic-Analysis reported that DiamondFox malware is being distributed by Nebula. DiamondFox malware is capable of information disclosure (specifically credentials and financial information) and known for attacks on point of sale systems.

 

ThreatSTOP IP Firewall Service and DNS Firewall Service protect against Nebula EK’s latest campaign and recent activity from DiamondFox malware, if TSCritical targets in policies are enabled.