Sweet Orange is an exploit kit: malicious code placed on compromised websites that looks for vulnerabilities on a visitor's computer through which that computer can be infected. In addition to compromised websites, its operators also run deliberate trap sites that users get redirected to. Sweet Orange also uses malvertising, where malicious advertisements are placed on legitimate websites.
Exploit kits are efficient and effective tools for cybercriminals to distribute malware. An exploit kit bundles exploits for multiple vulnerabilities within a single malicious webpage. This lets cybercriminals check for vulnerabilities in operating systems, web browsers, and browser plugins and then launch an exploit specific to the identified vulnerability. This is how Nuclear operates.
Fiesta is an exploit kit that checks the user’s browser and the versions of the plugins they are using to determine which exploits can be successfully served. This means that if you land on a Fiesta landing page with multiple vulnerable products installed, you will receive exploits for all of them.
HanJuan is a stealthy exploit kit that specializes in exploiting vulnerabilities in Internet Explorer, Silverlight, and Adobe Flash Player. Its attack vectors differ so much that it is sometimes hard to identify the exploit kit as HanJuan. It has been known to use redirects as well as malicious advertisements (malvertising). Due to advanced evasion techniques, which include IP blacklisting and geolocation, the malware drops from this exploit kit are often hard to reproduce and analyze.