<span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text" ><p>Exploit kits are continuously evolving: as one disappears, another may rise. One such exploit kit (EK), Nebula, was recently discovered and reported by security researcher <a href="http://malware.dontneedcoffee.com/2017/03/nebula-exploit-kit.html?m=1" target="_blank">Kafeine</a>.</p> <p>Kafeine uncovered traces of a previously known EK, Sundown, with slight deviations. The variant was named Nebula EK. The one difference between the two exploit kits, as reported by Kafeine, is Nebula’s internal <a href="https://malwarebreakdown.com/2016/12/23/traffic-distribution-system-is-funneling-traffic-to-rig-v-exploit-kit/" target="_blank">TDS</a> (a traffic distribution system: a gate used to redirect visitors to various content).</p> <p>This EK, similar to its predecessor, is capable of:</p> <ul> <li>Automatic domain scanning and generating (99% FUD)</li> <li>Exploit rate tested in different traffic</li> <li>Knock rate tested with popular botnets</li> <li>Custom domains &amp; servers</li> <li>Unlimited flows &amp; files</li> <li>And more</li> </ul> <p><a href="http://www.malware-traffic-analysis.net/2017/03/02/index.html" target="_blank">Malware-Traffic-Analysis</a> reported that DiamondFox malware is being distributed by Nebula. DiamondFox is capable of information disclosure (specifically credentials and financial information) and is known for <a href="http://sensorstechforum.com/diamondfox-botnet-steals-financial-information/" target="_blank">attacks</a> on point-of-sale systems.</p> <p>ThreatSTOP IP Firewall Service and DNS Firewall Service protect against <strong>Nebula EK</strong>’s latest campaign and recent activity from <strong>DiamondFox</strong> malware, if TSCritical targets in policies are enabled.</p></span>