Cerber ransomware delivered in format of a different order of Magnitude
released on 2017-08-09 @ 07:58:31 PM
For several months now, the Magnitude exploit kit has relied on an XML configuration file that is critical to retrieving its malware payload (Cerber). Magnitude EK is notorious for distributing the Cerber ransomware to specific geolocations, South Korea in particular, via its own gate, called Magnigate. For a while we have noticed that Magnitude EK has been using Internet Explorer vulnerabilities without necessarily resorting to Flash exploits. Another interesting artifact in the EK flow is that same XML configuration file, which contains JScript code.
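The post does not spell out how the JScript inside the XML file gets executed, but an analyst holding a captured configuration file first wants to pull the script out and see what it instantiates. The Python triage helper below is an added example, not code from the original post nor from the Magnitude EK: the sample XML it carries is constructed for illustration and does not reproduce a real Magnitude configuration file, and the marker list is an assumed lexical heuristic, not a signature from the post.

```python
"""Triage helper (added example): locate JScript embedded in an XML document.

The XML samples below are constructed for illustration; their element names
and script bodies are not taken from a real Magnitude EK configuration file.
"""
import re
import xml.etree.ElementTree as ET

# Tokens that are typical of JScript droppers and rare in benign configuration
# text. Assumption: a simple lexical heuristic is good enough for a first pass.
JSCRIPT_MARKERS = (
    "ActiveXObject",
    "WScript.Shell",
    "Scripting.FileSystemObject",
    "MSXML2.XMLHTTP",
    "ADODB.Stream",
    "eval(",
    "String.fromCharCode",
    "unescape(",
)

# Constructed sample: an innocuous-looking config that hides script in a CDATA section.
CONSTRUCTED_SAMPLE = b"""<?xml version="1.0"?>
<config>
  <version>1</version>
  <update url="http://example.invalid/update"/>
  <script><![CDATA[
    var http = new ActiveXObject("MSXML2.XMLHTTP");
    var strm = new ActiveXObject("ADODB.Stream");
    eval(unescape("%76%61%72%20%61%3d%31"));
  ]]></script>
</config>
"""

# Constructed sample with no script content, to show the helper stays quiet on it.
BENIGN_SAMPLE = b"""<?xml version="1.0"?>
<config><version>2</version><note>Nothing to see here.</note></config>
"""


def iter_text_fields(xml_bytes):
    """Yield (location, text) for every non-empty element text and attribute value.

    ElementTree unwraps CDATA, so a script body stored as CDATA arrives as plain
    text. For untrusted samples, parse with defusedxml instead of the stdlib
    parser to avoid entity-expansion tricks.
    """
    root = ET.fromstring(xml_bytes)
    for elem in root.iter():
        if elem.text and elem.text.strip():
            yield elem.tag, elem.text
        for name, value in elem.attrib.items():
            yield f"{elem.tag}@{name}", value


def find_embedded_jscript(xml_bytes):
    """Return a list of findings, one per text field that carries JScript markers.

    Each finding records where the text lives, which markers matched, the COM
    ProgIDs passed to ActiveXObject(...), and a short snippet for the analyst.
    """
    findings = []
    for where, text in iter_text_fields(xml_bytes):
        hits = [marker for marker in JSCRIPT_MARKERS if marker in text]
        if not hits:
            continue
        progids = re.findall(r'ActiveXObject\(\s*"([^"]+)"', text)
        findings.append({
            "where": where,
            "markers": sorted(hits),
            "progids": progids,
            "snippet": text.strip()[:80],
        })
    return findings


if __name__ == "__main__":
    for finding in find_embedded_jscript(CONSTRUCTED_SAMPLE):
        print(finding["where"], finding["markers"], finding["progids"])
        print("  ", finding["snippet"])
```

Run it against a real capture by reading the file as bytes and passing it to `find_embedded_jscript`; the ProgID list is the part worth pivoting on, since the COM objects a script instantiates (HTTP client, stream writer, shell) say more about its purpose than the surrounding XML does.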