Capesand Exploit Kit
Malware researchers have spotted a new EK (Exploit Kit) circulating the Internet. Its name is the Capesand Exploit Kit, and it was first uncovered in October 2019. After studying the Capesand Exploit Kit, cybersecurity experts believe that the creators of this EK likely lack experience as most of the code appear to be borrowed from already existing hacking tools whose code is available publicly. The Capesand Exploit Kit is a project in progress as it would seem that its creators have not yet finished developing it. Among the people who are utilizing the Capesand Exploit Kit is a hacking group that is known to have used the RIG Exploit Kit previously. It is likely that they have decided to switch to the Capesand Exploit Kit as it is brand-new, and its developers are launching updates constantly. The creators of the Capesand Exploit Kit also add new exploits regularly, which the threat can utilize in its campaigns.
Exploits Vulnerabilities and Plants DarkRAT and njRAT
The Capesand Exploit Kit has been programmed to target vulnerabilities in the Internet Explorer Web browser, as well as in the Adobe Flash software suite. So far, the Capesand Exploit Kit attempts to exploit the following vulnerabilities found in the Internet Explorer browser:
- CVE-2019-0752
- CVE-2018-15982
- CVE-2015-2419
In regards to vulnerabilities linked to the Adobe Flash application, the Capesand Exploit Kit looks for the following vulnerabilities:
- CVE-2018-4878
- CVE-2018-15982
Instead of carrying an unsafe payload, the Capesand Exploit Kit fetches it from a C&C (Command & Control) server, which is hosting the payloads of the additional malware. As soon as the Capesand Exploit Kit detects a vulnerability it can exploit, it will establish a connection with the C&C server and grab the payload, which will then be planted on the compromised host. So far, the Capesand Exploit Kit has been spotted planting two hacking tools on its victims' systems – the DarkRAT (Remote Access Trojan) and the njRAT.
Threats like the Capesand Exploit Kit rely on users who do not update their applications. This is why it is crucial to keep all your software up to date. Furthermore, you should look into obtaining a reputable anti-malware solution, which will make sure you do not fall victim to a threat like the Capesand Exploit Kit.
