DDI RULE 2354
EXPLOYT - HTTP (Request) - Variant 5
Overview and Description
EXPLOYT variants may arrive on a system bundled with malware or grayware packages, or may be hosted on a website and run when a user accesses that website. EXPLOYT malware takes advantage of certain vulnerabilities to download malicious files onto the affected system. It does this by using an exploit kit that allows an attacker to take advantage of most known vulnerabilities. Successful exploitation of the vulnerabilities executes shellcode that triggers the download and execution of malware. Most of the downloaded files can give criminals remote control over the infected machine, allowing them to steal user-critical information such as online banking login credentials, email passwords and the like. Systems infected with EXPLOYT malware may be considered security-compromised. This Trojan arrives as a component bundled with malware/grayware packages. It takes advantage of certain vulnerabilities.
Technical Details
Attack Phase: Intelligence Gathering
Protocol: HTTP
Risk Type: MALWARE
Threat Type: Malicious Behavior
Confidence Level: High
Severity: High (Outbound)
DDI Default Rule Status: Enable
APT Related: NO
Solutions