Spelevo exploit kit IOCs

Recently, Malwarebytes Labs captured an unusual change with the Spelevo exploit kit where, after an attempt to trigger vulnerabilities in Internet Explorer and Flash Player, users were immediately redirected to a decoy adult site. Spelevo EK instructs the browser to load this site, which social engineers victims into installing a video codec in order to play a movie. This appears to be an effort from the Spelevo EK operator to double his chances of compromising new machines.

Ursnif/Gozi

7212b70a0cdb4607f577e627211052e37ef01036e9231d9e286fc5e40974fd42

Qbot/Qakbot

1814deb94c42647f946b271fe9fc2baa6adae71df2b84f4854d36eda69979f93
1bbde8cee82550d4d57e4d6ee8faa9cbcbc6bdabf5873e494c47a1eb671fb7b5

Decoy adult site

lookatmyvideo[.]com
185.251.38[.]70

Credits: https://blog.malwarebytes.com/

These IOCs were disclosed by Malwarebytes Labs and can be found here.

Spelevo Exploit Kit

Spelevo exploit kit IOCs

Ursnif/Gozi

Qbot/Qakbot

Decoy adult site

OilRig Iranian Threat Group Install “Poison Frog” Backdoor on Windows By Disguise Legitimate Cisco Tool

Facebook Finally Fixes Its Two-Factor Mess

Spelevo exploit kit IOCs

Ursnif/Gozi

Qbot/Qakbot

Decoy adult site

Share this: