Pulse name: GreenFlash Sundown exploit kit expands via large malvertising campaign
WHITE AlienVault 2019-06-26 Modified: 2019-06-26
12 IOCs
MEDIUM VOLUME
Exploit kit activity has been relatively quiet for some time, with the occasional malvertising campaign reminding us that drive-by downloads are still a threat. However, during the past few days Malwarebytes noticed a spike in their telemetry for what appeared to be a new exploit kit. Upon closer inspection they realized it was actually the very elusive GreenFlash Sundown EK.
Indicators of Compromise (12)