Will Astrum Fill the Vacuum in the Exploit Kit Landscape?
released on 2017-05-18 @ 11:40:35 PM
Astrum was known to have been used exclusively by the AdGholas malvertising campaign, which delivered a plethora of threats including the banking Trojans Dreambot/Gozi (also known as Ursnif, and detected by Trend Micro as BKDR_URSNIF) and RAMNIT (TROJ_RAMNIT, PE_RAMNIT). We’re also seeing Astrum redirected by the Seamless malvertising campaign, which is known for using the Rig exploit kit.