Disdain Exploit Kit
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 243 |
| First Seen: | August 16, 2017 |
| Last Seen: | November 1, 2021 |
| OS(es) Affected: | Windows |
The Disdain Exploit Kit is an exploit kit used to carry out attacks on computer users. Exploit kits like the Disdain Exploit Kit are components that may be used on a website to exploit known vulnerabilities in the visitors' computers. These vulnerabilities may then be used to install threats, collect data, or carry out any other attacks. The Disdain Exploit Kit appeared recently on the market and is available for rent by day, week, or monthly payments of 80 USD, 500 USD or 1400 USD. The Disdain Exploit Kit is being distributed on underground forums on the Dark Web and is being developed by a threat developer that goes by the name 'Cehceny.'
Exploit kits tend to rise and decline in popularity, as new exploits are discovered and exploited. For a while, Angler and Nuclear where the two exploit kits that were used widely, but as they declined in popularity, the Sundown Exploit Kit took its place. Sundown has been inactive since early 2017 and seems to be replaced by the Terror Exploit Kit. The Disdain Exploit Kit has entered the scene to compete with this and another popular exploit kit, Nebula. The Disdain Exploit Kit's edge against its competitors is it slow price. For example, a similar exploit kit is being rented for 100 USD, 600 USD, and 2000 USD daily, weekly, and monthly currently, which is more expensive than the Disdain Exploit Kit significantly.
The Powerful Features Presented by the Disdain Exploit Kit
The advertisements for the Disdain Exploit Kit appear on Russian language websites on the Dark Web. According to these advertisements, the following features are included in the Disdain Exploit Kit:
- Domain Rotator
- RSA Key exchange for Exploits
- The panel server is untraceable from the Payload server
- Geolocation available
- Browser & IP tracking
- Scan domain
When a computer user visits a website that is using the Disdain Exploit Kit, the exploit kit may get information about the Web browser used by the visitor and then attempt different exploits that may target that browser in an attempt to deliver threats to the victim's computer. Since the Disdain Exploit Kit is still quite new to the scene, the number of exploits included in the Disdain Exploit Kit's attack is smaller compared to its competitors. However, the Disdain Exploit Kit still manages to carry out an effective attack on the visitors' computers. According to the Disdain Exploit Kit's developers, the following are the exploits that the Disdain Exploit Kit is capable of exploiting in its attack:
CVE-2017-5375 – FF
CVE-2017-3823 – Extension (Cisco Web Ex)
CVE-2017-0037 – IE a
CVE-2016-9078 – FF
CVE-2016-7200 – EDGE + IE a
CVE-2016-4117 – FLASH
CVE-2016-1019 – FLASH
CVE-2016-0189 – IE
CVE-2015-5119 – FLASH
CVE-2015-2419 – IE
CVE-2014-8636 – FF
CVE-2014-6332 – IE
CVE-2014-1510 – FF
CVE-2013-2551 – IE
CVE-2013-1710 – FF
Is the Disdain Exploit Kit being Used in Current Attacks?
Although the Disdain Exploit Kit is being advertised heavily, it seems that the Disdain Exploit Kit is not being used in active threat campaigns currently. The Disdain Exploit Kit's creator has a poor reputation on various hacking forums and is considered a hoax by many. One heartening thing about the state of today's computer security is that exploit kits like the Disdain Exploit Kit are on a rapid decline due to the advanced security features that are in use in most Web browsers that are popular today.
Protecting Your Computer from the Disdain Exploit Kit
The vast majority of exploits that are included in the Disdain Exploit Kit and similar exploit kits have been patched by Web browser developers and security companies. Because of this, the best protection against the Disdain Exploit Kit and similar exploit kits is to be certain that your computer is up to date with the latest security patches and updates. This, coupled with precaution when browsing the Web to avoid corrupted websites and content, can help protect your computer and Web browser from the Disdain Exploit Kit.
