Exploit kit

Description

Exploit kits (EKs) play an important role in malware distribution. An EK can be seen as a toolkit that bundles a number of exploits for vulnerable client applications (Flash Player, Internet Explorer, etc.); when a victim browses to an EK landing page, one of these exploits runs and malware is silently downloaded and executed on the host. Palo Alto Networks also has an excellent EK guide here.

Download Feeds

magnitude.txt

Last update: 1503190980000 (Unix epoch, milliseconds).

neutrino.txt

Last update: 1503195367000 (Unix epoch, milliseconds).


Events

2016-09-24:

Since 2016-09-24, Neutrino has disappeared from our data.

For more information, please see the coffee blog.

How we detect EKs

Most EK-related domains are brand-new FQDNs, and most of them are also short-lived. Their DNS and URL requests also show distinctive patterns. By combining data from sources such as passive DNS (PDNS), whois and HTTP logs, we are able to generate these feeds of highly suspicious EK domains.
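To make the heuristics above concrete, here is an added Python example that is not the feed's own pipeline or code. It scores constructed passive-DNS records on the signals the paragraph names (new FQDN, short lifetime, recent whois registration, random-looking hostname label, many sibling hosts on one apex sharing an IP) and emits flagged records in the same "Family TS IP Domain URL" layout as the Sample Data. The hostnames and IP are the ones shown in the sample rows; every timestamp, the whois creation dates, the www.example.com control row, the thresholds and the registrable-domain shortcut are assumptions made for this example. Family attribution (here hard-coded to Magnitude) needs evidence the toy does not model, such as the landing page itself.

```python
"""Toy EK-domain triage over constructed passive-DNS records (added example)."""
import math
from collections import defaultdict

# Observation time for the constructed data set (Unix epoch seconds).
NOW = 1503190980

# Constructed passive-DNS records: (fqdn, ip, first_seen, last_seen), epoch seconds.
# The jobpipe.trade names/IP match the Sample Data rows; the timestamps and the
# www.example.com control row are made up for this example.
PDNS = [
    ("bf87f4b07h.jobpipe.trade", "37.59.255.208", 1503190945, 1503191100),
    ("da2f4d2gaen0x.jobpipe.trade", "37.59.255.208", 1503190945, 1503191200),
    ("www.example.com", "93.184.216.34", 1400000000, 1503190000),
]

# Constructed whois creation dates per registrable domain (epoch seconds).
WHOIS_CREATED = {
    "jobpipe.trade": 1503100000,  # roughly one day before NOW
    "example.com": 800000000,     # long-established domain
}

# Thresholds are illustrative assumptions, not values used by the real feed.
MAX_AGE = 7 * 86400       # "brand new": first seen / registered within a week
MAX_LIFETIME = 2 * 3600   # "short lived": resolved for under two hours
MIN_ENTROPY = 2.5         # bits per char of the leftmost label; random labels score high
MIN_SIBLINGS = 2          # distinct hostnames under one apex resolving to the same IP
THRESHOLD = 3             # indicators needed to flag an FQDN


def shannon_entropy(s: str) -> float:
    """Shannon entropy of a string in bits per character (0.0 for empty input)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {ch: s.count(ch) for ch in set(s)}
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_domain(fqdn: str) -> str:
    """Last two labels. A shortcut for the example; real code needs the public suffix list."""
    return ".".join(fqdn.split(".")[-2:])


def sibling_counts(records):
    """Number of distinct FQDNs observed per (apex, IP) pair."""
    seen = defaultdict(set)
    for fqdn, ip, *_ in records:
        seen[(registrable_domain(fqdn), ip)].add(fqdn)
    return {key: len(names) for key, names in seen.items()}


def indicators(record, whois_created, siblings, now=NOW):
    """Return the names of the indicators that fire for one PDNS record."""
    fqdn, ip, first_seen, last_seen = record
    apex = registrable_domain(fqdn)
    hits = []
    if now - first_seen <= MAX_AGE:
        hits.append("new_fqdn")
    if last_seen - first_seen <= MAX_LIFETIME:
        hits.append("short_lived")
    created = whois_created.get(apex)
    if created is not None and now - created <= MAX_AGE:
        hits.append("new_registration")
    if shannon_entropy(fqdn.split(".")[0]) >= MIN_ENTROPY:
        hits.append("random_label")
    if siblings.get((apex, ip), 0) >= MIN_SIBLINGS:
        hits.append("sibling_hosts")
    return hits


def triage(records, whois_created, now=NOW, threshold=THRESHOLD):
    """Map each FQDN to (flagged, list of indicators)."""
    siblings = sibling_counts(records)
    results = {}
    for rec in records:
        hits = indicators(rec, whois_created, siblings, now)
        results[rec[0]] = (len(hits) >= threshold, hits)
    return results


def feed_line(family, record, url="N/A"):
    """Format a record as a tab-separated 'Family TS IP Domain URL' row (TS = first_seen)."""
    fqdn, ip, first_seen, _ = record
    return "\t".join([family, str(first_seen), ip, fqdn, url])


if __name__ == "__main__":
    results = triage(PDNS, WHOIS_CREATED)
    for rec in PDNS:
        flagged, hits = results[rec[0]]
        print("FLAG" if flagged else "ok  ", rec[0], ",".join(hits))
    print()
    for rec in PDNS:
        if results[rec[0]][0]:
            print(feed_line("Magnitude", rec))  # family attribution is hard-coded here
```

Run stand-alone, the two jobpipe.trade names fire all five indicators and are emitted as feed rows, while the control row fires none. In practice each indicator on its own is noisy (new domains and random-looking labels are common in CDNs and cloud services), which is why the score combines several sources and why a feed hit is best confirmed against the HTTP log of the session before it is used for blocking.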


Neutrino & Magnitude

Neutrino EK and Magnitude EK are currently quite active in China, so we are making these two feeds publicly available.

Sample Data

Columns: Family, TS (Unix epoch seconds), IP, Domain, URL (N/A when none is recorded).

Family     TS          IP             Domain                       URL
Magnitude  1503190945  37.59.255.208  bf87f4b07h.jobpipe.trade     N/A
Magnitude  1503190945  37.59.255.208  da2f4d2gaen0x.jobpipe.trade  N/A