Sweet Orange is an exploit kit: malicious code placed on compromised websites that probes a visiting computer for vulnerabilities through which it can be infected. In addition to compromised websites, its operators also run deliberate traps that users get redirected to. Sweet Orange also uses malvertising, where malicious advertisements are placed on legitimate websites.
Exploit kits are efficient and effective tools for cybercriminals to distribute malware. Exploit kits include exploits for multiple vulnerabilities within a single malicious webpage. Cybercriminals are able to check for vulnerabilities in operating systems, web browsers, and browser plugins so as to launch an exploit specific to the identified vulnerability. This is how the Nuclear exploit kit operates.
Fiesta is an exploit kit that checks the user’s browser and the versions of the plugins in use. That is how it determines which exploits can be successfully served. This means that if you come across a Fiesta landing page while running multiple vulnerable products, you will be served exploits for all of them.
HanJuan is a stealthy exploit kit specialized in exploiting vulnerabilities in Internet Explorer, Silverlight, and Adobe Flash Player. Its attack vectors differ so much that it is sometimes hard to identify the exploit kit as HanJuan. It has been known to use redirects as well as malicious advertisements (malvertising). Due to advanced evasion techniques, which include IP blacklisting and geolocation, the malware drops instigated by this exploit kit are often hard to reproduce and analyze.
Angler was one of the leading exploit kits used by cybercriminals to distribute malware ranging from ransomware and banking Trojans to ad fraud. Like most other exploit kits, it focused on web-based vulnerabilities in browsers and their plugins. Angler was one of the few exploit kits of its time that offered fileless infections, where malware never touches the disk and only resides in memory to avoid detection. Angler has been inactive since June 2016.