2015-05-27 - Exploit Integration

CVE-2015-3090 (Flash up to 17.0.0.169) and Exploit Kits

As spotted by FireEye Angler EK is now exploiting CVE-2015-3090 patched with Flash 17.0.0.188

Angler EK :
2015-05-26

Only in few instances for now.

Angler EK successfully exploiting Flash 17.0.0.169 on Windows 7 running Internet Explorer 11
to push Bedep and an Adfraud module.
2015-05-27

Sample in that pass : 6cb6701ba9f78e2d2dc86d0f9eee798a

Fiddler sent to VT

Nuclear Pack :
2015-05-29

Thanks to Dan Caselden (FireEye), Timo Hirvonen (F-Secure) and Ladislav Janko (Eset) for CVE identification.

Nuclear Pack successfully exploiting Flash 17.0.0.169 in Internet Explorer 11 on Windows 7
to push Andromeda

Sample in that pass : 9545257d3799f1b4d9cc00ae01a1b147
Fiddler sent to VT

Magnitude :
2015-05-29

Thanks to Anton Ivanov ( Kaspersky ) for CVE identification.

Magnitude exploiting Flash 17.0.0.169 to drop Cryptowall
2015-05-29

Sample in that pass : 645162c4eca4a8ec5a5d7d3f4f8b57fe
Fiddler sent to VT

Neutrino :
2015-06-01

Thanks to Anton Ivanov ( Kaspersky ) and Microsoft for CVE indentification.

Neutrino exploiting Flash 17.0.0.169 to drop Andromeda
2015-06-01

Sample in that pass : 4e543ae5bafe9a1a1a8f6e8923c5d8a8
Fiddler sent to VT

RIG:

Thanks to Matt Oh (Microsoft ) for CVE id confirmation

RIG firing a flash containing code to exploit CVE-2015-3090
to drop Urausy (sic) 2015-06-06

Sample in that pass : 1471988ec0f4c15b0d3b4d728af080d9
Fiddler sent to VT.

Read more :

Angler EK Exploiting Adobe Flash CVE-2015-3090 - 2015-05-26 - Sai Omkar Vashisht, Corbin Souffrant, Yasir Khalid, Dan Caselden - FireEye

Post Publication Reading :
Adobe Flash Player ShaderJob Buffer Overflow - 2015-06-19 - PacketStorm