Security Affairs
Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

The Disdain exploit kit appears in the threat landscape

The Disdain exploit kit is available for rent on a daily, weekly, or monthly basis for prices of $80, $500, and $1,400 respectively. The security researcher David Montenegro discovered a new exploit kit dubbed Disdain that is offered for rent on underground hacking forums by a malware developer using the pseudonym of Cehceny. https://twitter.com/CryptoInsane/status/895151680861253632 The Disdain exploit […]

Disdain exploit kit

The Disdain exploit kit is available for rent on a daily, weekly, or monthly basis for prices of $80, $500, and $1,400 respectively.

The security researcher David Montenegro discovered a new exploit kit dubbed Disdain that is offered for rent on underground hacking forums by a malware developer using the pseudonym of Cehceny.

https://twitter.com/CryptoInsane/status/895151680861253632

The Disdain exploit kit is available for rent on a daily, weekly, or monthly basis for prices of $80, $500, and $1,400 respectively.

Disdain exploit kit

After the Angler EK and Nuclear EK disappeared from the threat landscape, the Sundown EK conquered the criminal underground.

With the Sundown EK has been inactive since early this year, the Terror EK is being very popular in the cybercriminal ecosystem. The Disdain exploit kit appears very cheap compared to other exploit kits such as Nebula EK, that goes for rent on a daily, weekly, or monthly basis for prices of $100, $600, and $2,000 respectively.

According to security experts at Intsights that found an ad of the Disdain exploit kit on a Russian-speaking forum, its main features are:

  • Domain Rotator
  • RSA Key exchange for Exploits
  • Panel server is untraceable from Payload server
  • Geolocation available
  • Browser & IP tracking
  • Scan domain

When users visit a website hosting the Disdain exploit kit, it gathers info on the specific browser used by the visitor and attempts to use one of the exploits to deliver a malware on the victim’s machine.

Even is the Disdain exploit kit includes a limited number of exploits because it is very young, most of them are newer exploits. Below is the full list of exploits advertise by the author Cehceny:

CVE-2017-5375 – FF
CVE-2017-3823 – Extension (Cisco Web Ex)
CVE-2017-0037 – IE a
CVE-2016-9078 – FF
CVE-2016-7200 – EDGE + IE a
CVE-2016-4117 – FLASH
CVE-2016-1019 – FLASH
CVE-2016-0189 – IE
CVE-2015-5119 – FLASH
CVE-2015-2419 – IE
CVE-2014-8636 – FF
CVE-2014-6332 – IE
CVE-2014-1510 – FF
CVE-2013-2551 – IE
CVE-2013-1710 – FF

Disdain exploit kit

According to the experts at Bleepingcomputer, currently, there is no malvertising campaign or botnet leveraging the Disdain exploit kit because Cehceny is considered a scammer on at least one major underground hacking forum.

“The Disdain ad was first spotted last week. Currently, there is no malvertising campaign or botnet redirecting traffic to any Disdain “landing page,” according to a security researcher who spoke with Bleeping Computer about Disdain but did not want to reveal his name.” wrote Catalin Cimpanu.

“One reason why we haven’t seen any active campaign might be that Disdain’s author — Cehceny — is currently banned and marked as a “ripper” (scammer) on at least one major underground hacking forum.”

Looking at exploit kit market we are assisting to a rapid decline due to the difficulty of finding exploitable flaws in modern browsers.

Currently, most popular exploit kits are RIG, Rig-V, Terror, Magnitude, Kaixin, and Nebula.

Stay tuned!

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Disdain exploit kit, malware)

[adrotate banner=”13″]