The year is 2015 and a threat actor is using the defunct Blackhole exploit kit in active drive-by download campaigns via compromised websites.
We noticed Java and PDF exploits collected by our honeypot which we havent seen in ages. Looking closer at the structure of this attack, we were surprised when we realized this was the infamous Blackhole.
Source: Blast from the Past: Blackhole Exploit Kit Resurfaces in Live Attacks
Blackhole's back: Hated exploit kit returns from the dead