Empire Pack EK

By GoldSparrow in Malware

The Empire Pack EK (Exploit Kit) is a toolset of scripts and programs that attack vulnerabilities in widely used software. It was initially developed to spread ransomware. The Empire Pack EK emerged in October 2016, and the new features added in 2017 and 2018 reflect a shift in the attacks that involve the EK. Evidence from Web traffic analysis shows that the Empire Pack EK shifted focus from ransomware to the distribution of banking Trojans and PoS malware.

The Empire Pack EK is associated with massive malvertising campaigns (malware deployed via advertisements) that leverage insecure ad platforms. The Empire Pack EK is notable for its advanced traffic distribution panel, which allows accurate Web browser targeting and quick identification of old versions of Adobe Flash Player. The Empire Pack EK also enables threat actors to set up geo-restricted URL redirects and run highly customized malvertising attacks. The Empire Pack EK has been connected to backdoor Trojans like Gootkit, banking threats like Dridex, and encryption threats like the BandarChor Ransomware. We recommend that PC users keep their Internet-facing applications up to date and use a reliable combination of a firewall and a dedicated security product.
