
Spelevo Exploit Kit

Posted: March 19, 2019

The Spelevo Exploit Kit is a program that threat actors developed around a vulnerability in the Windows VBScript Engine. The Windows VBScript Engine lets various programs use shared resources to complete common tasks such as downloading content from the Web and enabling interactive documents and presentations. The Spelevo Exploit Kit may be embedded in online advertisements, spam emails, Microsoft Word documents and PDF files. The hackers use the Spelevo Exploit Kit to exploit the way Windows handles objects in system memory and to run harmful code on remote computers. As stated above, the Spelevo Exploit Kit is designed to exploit a vulnerability dubbed CVE-2018-15982, which carries the more descriptive name Windows VBScript Engine Remote Code Execution Vulnerability. Once the Spelevo Exploit Kit is loaded in Windows, it connects to a remote server and waits for a response. The people behind the Spelevo Exploit Kit receive a notification that a host has been compromised, and a command to download a particular payload is sent.

The following addresses have been found to distribute data to compromised machines:


That list is far from complete, since dozens of domains are used with the Spelevo Exploit Kit. AV vendors have turned their attention towards data packets from the IP addresses 185.56.233[.]186, 194.113.107[.]71 and 85.17.197[.]101, which are related to the Spelevo Exploit Kit. The first weeks of observation revealed that the Spelevo Exploit Kit is used to drop the Gootkit Backdoor Trojan (also seen as Rorpian). The Gootkit threat opens a backdoor on a vulnerable computer, through which the threat actors can carry out various activities without alerting users. The Spelevo Exploit Kit may also be leveraged in attacks that aim to drop crypto-jacking software, ransomware and network proxies. If you hope to limit the risk of infection with Gootkit variants, do not open spam emails or click on questionable advertisements. Make sure to install the latest security patches for your software and keep your virus signatures up to date.
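As an added example (not code from this page's author), the following Python helper refangs the three Spelevo-related IP addresses quoted above and flags proxy log lines whose destination is one of them. The Squid-style log format and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# The three Spelevo-related IP addresses quoted on this page, in the defanged
# "[.]" notation analysts use so the values are not clickable.
SPELEVO_IPS_DEFANGED = ["185.56.233[.]186", "194.113.107[.]71", "85.17.197[.]101"]

# Assumed Squid-style access log: "<ts> <elapsed> <client> <code> <bytes> <method> <url> ..."
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)")

def refang(indicator: str) -> str:
    """Turn a defanged indicator ('1.2.3[.]4', 'hxxp://') back into its literal form."""
    return indicator.strip().replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")

def destination_host(url: str) -> str:
    """Host part of a logged URL; CONNECT requests log 'host:port' with no scheme."""
    if "://" not in url:
        url = "//" + url
    return urlsplit(url).hostname or ""

def find_c2_contacts(lines, defanged=SPELEVO_IPS_DEFANGED):
    """Return (timestamp, client, destination) for each line that reached a watchlisted IP."""
    watchlist = {ipaddress.ip_address(refang(i)) for i in defanged}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            dest = ipaddress.ip_address(destination_host(m.group("url")))
        except ValueError:  # destination is a hostname, not an IP literal
            continue
        if dest in watchlist:
            hits.append((m.group("ts"), m.group("client"), str(dest)))
    return hits

# Constructed sample lines (not real traffic); the second and fourth should be flagged.
SAMPLE_LOG = [
    "1552950000.101 120 10.0.0.5 TCP_MISS/200 5120 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "1552950001.204 300 10.0.0.5 TCP_MISS/200 74112 GET http://185.56.233.186/update.bin - HIER_DIRECT/185.56.233.186 application/octet-stream",
    "1552950002.307 90 10.0.0.7 TCP_TUNNEL/200 2048 CONNECT login.example.org:443 - HIER_DIRECT/203.0.113.9 -",
    "1552950003.410 85 10.0.0.7 TCP_TUNNEL/200 1024 CONNECT 85.17.197.101:443 - HIER_DIRECT/85.17.197.101 -",
]

if __name__ == "__main__":
    for ts, client, dest in find_c2_contacts(SAMPLE_LOG):
        print(f"{ts} client {client} contacted {dest}")
```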
