Spelevo Exploit Kit

Spelevo is a new exploit kit primarily targeting users in Western Europe and the USA.

Unlike most exploit kits, Spelevo uses domain shadowing to generate and disguise its landing pages, and redirects targets via 302 cushioning. Once a target user reaches a landing page, Spelevo uses an obfuscated reconnaissance script to identify the user's operating system, browser type, and plugin version. It will then deploy one of two public exploits for use-after-free vulnerabilities, in Internet Explorer and Adobe Flash respectively, depending on the information collected by the reconnaissance script. If successful, Spelevo will proceed to install its intended payload.
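As an added example (not code from the Talos report or from this post), the following Python detector refangs three of the page's defanged indicators and walks a constructed proxy log looking for the redirect pattern described above: a run of 302 hops that lands on a Spelevo host, or on any subdomain of a registrable domain the kit is known to have shadowed. The log lines and the `novel.nylonsneak.top` subdomain are constructed, and the parent-domain match assumes the kit keeps hanging new landing pages off the same compromised registrable domains.

```python
"""Flag 302-cushioning chains that land on Spelevo domain-shadowed hosts.
Added example; indicators are the page's defanged IoCs, log lines are constructed."""
from collections import defaultdict
from urllib.parse import urlparse

SPELEVO_IOCS = ["open[.]nylonsneak[.]top", "hailey[.]nylonsneak[.]top",
                "goddess[.]nylontruth[.]top", "95.211.5[.]242"]

def refang(ioc: str) -> str:
    """Turn the defanged form used in IoC lists back into a matchable host."""
    return ioc.replace("[.]", ".")

IOC_HOSTS = {refang(i) for i in SPELEVO_IOCS}
# Domain shadowing hangs landing pages off subdomains of compromised registered
# domains, so the registrable parent is the more durable indicator (IPs excluded).
SHADOWED_PARENTS = {".".join(h.split(".")[-2:]) for h in IOC_HOSTS
                    if not h.replace(".", "").isdigit()}

def is_spelevo_host(host: str) -> bool:
    parent = ".".join(host.split(".")[-2:])
    return host in IOC_HOSTS or parent in SHADOWED_PARENTS

# Constructed proxy log: time client status url location ("-" when absent).
SAMPLE_LOG = """\
10:00:01 10.0.0.5 200 http://news.example/article -
10:00:02 10.0.0.5 302 http://ads.example/click?id=7 http://hop.example/go
10:00:02 10.0.0.5 302 http://hop.example/go http://open.nylonsneak.top/index.php
10:00:03 10.0.0.5 200 http://open.nylonsneak.top/index.php -
10:00:04 10.0.0.9 302 http://shop.example/old http://shop.example/new
10:00:04 10.0.0.9 200 http://shop.example/new -
10:00:06 10.0.0.7 302 http://x.example/a http://novel.nylonsneak.top/landing
10:00:06 10.0.0.7 200 http://novel.nylonsneak.top/landing -
"""

def find_spelevo_chains(log_text: str, min_hops: int = 1):
    """Return (client, hop_count, landing_host) for each completed chain of at
    least min_hops 302s whose hops or landing page touch Spelevo infrastructure."""
    chains = defaultdict(list)  # client -> pending (url, location) 302 records
    hits = []
    for line in log_text.splitlines():
        _ts, client, status, url, location = line.split()
        pending = chains[client]
        # A record continues the chain only if the previous Location led here.
        continues = bool(pending) and pending[-1][1] == url
        if status == "302":
            chains[client] = pending + [(url, location)] if continues else [(url, location)]
            continue
        if continues:
            hosts = [urlparse(u).hostname for u, _ in pending] + [urlparse(url).hostname]
            if len(pending) >= min_hops and any(is_spelevo_host(h) for h in hosts):
                hits.append((client, len(pending), hosts[-1]))
        chains[client] = []  # a non-302 response terminates the chain
    return hits

if __name__ == "__main__":
    for client, hops, host in find_spelevo_chains(SAMPLE_LOG):
        print(f"{client}: {hops} x 302 cushion -> {host}")
```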

Exploit Kits have one large limitation: Internet Explorer. For exploit kits to operate effectively, adversaries need to take advantage of an antiquated web browser that lacks many of the modern protections designed to defeat this specific type of attack. But the number of people actively using Internet Explorer continues to dwindle as they migrate either to modern Windows-native web browsers like Edge or to some of the other open-source solutions like Mozilla Firefox and Google Chrome. However, Internet Explorer remains somewhat popular, and exploit kits will always be there to take advantage of its users.

The payload that exploit kits deliver varies. In the instances that Talos observed, banking trojans were the primary payload: both IcedID and Dridex have been observed being delivered by Spelevo during this campaign. These types of payloads are common to exploit kits, since this is a purely financially motivated attack and banking trojans are an attractive avenue for monetization.

Further details – https://blog.talosintelligence.com/2019/06/spelevo-exploit-kit.html

Indicators of compromise

Domains:

IPs:
95.211.5[.]242

Duncan Newell

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.