DESCRIPTION NAME:

EXPLOYT - HTTP (Request) - Variant 5

 CONFIDENCE LEVEL: HIGH
 SEVERITY OUTBOUND: High

  OVERVIEW

EXPLOYT variants may arrive on a system bundled with malware or grayware packages, or be hosted on a website and run when a user visits that site. EXPLOYT malware takes advantage of certain vulnerabilities to download malicious files onto the affected system. It does this through an exploit kit, a framework that lets an attacker target many widely known vulnerabilities from a single landing page. Successful exploitation executes shellcode that triggers the download and execution of malware. Most of the downloaded files give criminals remote control over the infected machine, allowing them to steal sensitive user information such as online banking login credentials and email passwords. Systems infected with EXPLOYT malware should be considered compromised.
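The chain described above (landing page, exploitation, shellcode, payload fetch) is visible on the wire as a short sequence of HTTP requests from one client. The following is an added example of how an analyst could correlate that sequence over web-gateway or proxy records; it is not Trend Micro's rule logic and does not reproduce what this DDI pattern matches. The record fields, the 60-second window, the content types and the sample records are all assumptions constructed for the example.

```python
"""Constructed example: correlate an exploit-kit style chain
(HTML landing page followed shortly by an executable download from the
same host) over HTTP request records from a proxy or gateway.
Not vendor rule logic; every field, threshold and record is assumed."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class HttpRecord:
    ts: float           # epoch seconds when the request was logged
    client: str         # client IP address
    host: str           # server Host header
    path: str           # request path and query
    content_type: str   # response Content-Type as seen by the gateway (assumed available)
    body_prefix: bytes  # first bytes of the response body (assumed available)


# Assumed: response types that a gateway would label as a native executable.
EXEC_TYPES = {"application/x-msdownload", "application/x-dosexec", "application/octet-stream"}
# Assumed: a kit's payload fetch follows the landing page within a minute.
WINDOW_SECONDS = 60.0


def is_landing_page(rec: HttpRecord) -> bool:
    """An HTML page is where the kit's exploit code is delivered."""
    return rec.content_type.lower().startswith("text/html")


def is_pe_download(rec: HttpRecord) -> bool:
    """Flag a Windows PE (MZ header) even when the Content-Type lies,
    which kits commonly do by labelling the payload as an image."""
    return rec.body_prefix.startswith(b"MZ") or rec.content_type.lower() in EXEC_TYPES


def find_exploit_chains(records: List[HttpRecord]) -> List[Dict]:
    """Return one alert per client that fetched an HTML page and then, within
    WINDOW_SECONDS, fetched a PE from the same host."""
    by_client: Dict[str, List[HttpRecord]] = {}
    for rec in sorted(records, key=lambda r: r.ts):
        by_client.setdefault(rec.client, []).append(rec)

    alerts = []
    for client, recs in by_client.items():
        for i, landing in enumerate(recs):
            if not is_landing_page(landing):
                continue
            for follow in recs[i + 1:]:
                if follow.ts - landing.ts > WINDOW_SECONDS:
                    break  # records are time-ordered; nothing later can match
                if follow.host == landing.host and is_pe_download(follow):
                    alerts.append({
                        "client": client,
                        "landing_url": f"{landing.host}{landing.path}",
                        "payload_url": f"{follow.host}{follow.path}",
                        "delta_seconds": round(follow.ts - landing.ts, 1),
                    })
                    break  # one alert per landing page is enough
    return alerts


# Constructed sample traffic: a benign page view, a kit-style chain whose
# payload is disguised as a GIF, and a stand-alone installer download.
SAMPLE_RECORDS = [
    HttpRecord(1000.0, "10.0.0.5", "news.example", "/index.html", "text/html", b"<!DOCTYPE"),
    HttpRecord(1001.2, "10.0.0.5", "news.example", "/logo.png", "image/png", b"\x89PNG"),
    HttpRecord(1050.0, "10.0.0.7", "ads.example", "/landing.php?id=1", "text/html", b"<html>"),
    HttpRecord(1062.4, "10.0.0.7", "ads.example", "/get.php?f=2", "image/gif", b"MZ\x90\x00"),
    HttpRecord(1100.0, "10.0.0.9", "updates.example", "/setup.exe", "application/x-msdownload", b"MZ\x90\x00"),
]


if __name__ == "__main__":
    for alert in find_exploit_chains(SAMPLE_RECORDS):
        print(alert)
```

Only the second client is reported: the first never downloads an executable, and the third downloads one without a preceding HTML page from that host. The same-host requirement keeps the heuristic quiet on ordinary software downloads, at the cost of missing kits that stage the payload on a separate host; widening it to any host within the window is a one-line change but needs an allowlist to stay usable.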

  TECHNICAL DETAILS

Attack Phase: Intelligence Gathering

Protocol: HTTP

Risk Type: MALWARE

Threat Type: Malicious Behavior

Confidence Level: High

Severity: High (Outbound)

DDI Default Rule Status: Enabled

APT Related: NO

  SOLUTION

Network Content Inspection Pattern Version: 1.13071.00
Network Content Inspection Pattern Release Date: 24 Oct 2017
Network Content Correlation Pattern Version: 1.12797.00
Network Content Correlation Pattern Release Date: 04 Apr 2017
