PULSE NAME
GreenFlash Sundown exploit kit expands via large malvertising campaign
WHITE AlienVault 2019-06-26 Modified: 2019-06-26
12 IOCs
MEDIUM VOLUME
Exploit kit activity has been relatively quiet for some time, with the occasional malvertising campaign reminding us that drive-by downloads are still a threat. However, during the past few days Malwarebytes noticed a spike in their telemetry for what appeared to be a new exploit kit. Upon closer inspection they realized it was actually the very elusive GreenFlash Sundown EK.
Indicators of Compromise (2 / 12 total)
TYPE      INDICATOR                              DESCRIPTION  CREATED
hostname  www.fastimage.site                                  2019-06-26
hostname  accomplishedsettings.cdn-cloud.club                 2019-06-26