Thursday, May 22, 2025

Improved Fallout Exploit Kit – Now supports HTTPS and Flash exploit (CVE-2018-15982)


Fallout is an exploit kit (EK) first identified at the end of August 2018. It was first seen as a part of a malvertising campaign affecting users in Japan, Korea, the Middle East, Southern Europe, and others in the Asia Pacific.

Fallout was observed exploiting vulnerabilities CVE-2018-4878 and CVE-2018-8174 and distributing the Gandcrab ransomware to users in the Middle East.

After a gap, Fallout has re-emerged with more exploits in its pack and more advanced malware delivery. Fallout EK is distributed via malvertising chains (one of them we track under the name HookAds), especially through adult traffic.


The revised Fallout EK boasts several new features, including integration of the most recent Flash Player exploit. Security researchers identified that Fallout is now the second exploit kit to add CVE-2018-15982.

Fallout EK 2019 highlights:

  • HTTPS support
  • New landing page format
  • New Flash exploit (CVE-2018-15982)
  • PowerShell to run payload

According to the underground advert promoting Fallout EK, “The code obfuscation and landing generation mechanism has been completely redesigned” and the exploit kit now comes with “Increased performance.” 

The same underground ad mentions the removal of the Internet Explorer CVE-2018-8373 RCE vulnerability because of its unstable flow rate.

Possibility of other payloads

The other payloads now disseminated via Fallout are Smokebot, which was seen installing Azorult, Tinynuke+Azorult, Dridex, the ServHelper tunnel variant, and other malware strains not yet identified.

Indicators of Compromise

185.56.233[.]186 HookAds Campaign

51.15.35[.]154 Fallout EK
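
As an added example, not part of the original article, the following Python matches the two published indicators against connection logs and flags clients that contacted the HookAds host and then the Fallout EK host shortly afterwards. The log format, the sample entries and the 60-second window are assumptions made for illustration; matching is on destination IP because the kit's HTTPS support hides URL content from passive inspection.

```python
import re
from datetime import datetime, timedelta

# IoC lines as published in the article (defanged).
IOC_TEXT = """\
185.56.233[.]186 HookAds Campaign
51.15.35[.]154 Fallout EK
"""

# Constructed sample log (assumed format): timestamp client dest_ip dest_port
SAMPLE_LOG = """\
2019-01-16T10:02:11 10.0.0.5 185.56.233.186 443
2019-01-16T10:02:14 10.0.0.5 51.15.35.154 443
2019-01-16T10:05:00 10.0.0.9 93.184.216.34 443
2019-01-16T11:40:02 10.0.0.7 51.15.35.154 443
2019-01-16T12:00:00 10.0.0.8 185.56.233.186 80
2019-01-16T12:30:00 10.0.0.8 51.15.35.154 443
"""

def parse_iocs(text):
    """Refang 'a.b.c[.]d label' lines into {ip: label}."""
    iocs = {}
    for line in text.splitlines():
        m = re.match(r"\s*([0-9.\[\]]+)\s+(.+?)\s*$", line)
        if m:
            iocs[m.group(1).replace("[.]", ".")] = m.group(2)
    return iocs

def scan(log_text, iocs, window=timedelta(seconds=60)):
    """Return (hits, chains): every IoC contact, plus clients that reached
    the Fallout EK host within `window` after contacting the HookAds host."""
    hits, chains, last_hookads = [], [], {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] not in iocs:
            continue  # malformed line or destination not on the IoC list
        ts, client, dst = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        label = iocs[dst]
        hits.append((client, dst, label))
        if label.startswith("HookAds"):
            last_hookads[client] = ts
        elif client in last_hookads and timedelta(0) <= ts - last_hookads[client] <= window:
            chains.append(client)  # redirect chain: HookAds, then Fallout EK
    return hits, chains

if __name__ == "__main__":
    hits, chains = scan(SAMPLE_LOG, parse_iocs(IOC_TEXT))
    print(len(hits), "IoC contacts; full chain seen for:", chains)
```

A single contact with either address is worth triage on its own; the chained pattern is the higher-confidence signal that a client was actually redirected to the kit's landing page.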
