2015-06-28 - Exploit Integration

CVE-2015-3113 (Flash up to 18.0.0.160) and Exploit Kits



Patched four days ago (2015-06-23) with Flash 18.0.0.194, CVE-2015-3113 was spotted as a 0day by FireEye, exploited in limited targeted attacks. It is now making its way into Exploit Kits.

Magnitude :
2015-06-27

Magnitude successfully exploiting Flash 18.0.0.160 on IE11 in Windows 7 on 2015-06-27
Dropping 2 instances of Cryptowall Ransomware


Samples in that pass :
SWF : ee3f5baf3abfcdab044fccf89ec41746
FLV : 12965c39fdc1772c0e966b17d9bc66f4
Fiddler sent to VT

Angler EK :
2015-06-29

Angler EK exploiting Flash 18.0.0.160 on IE11 in Windows 7 on 2015-06-29
Dropping Kelihos Loader suba002.
Sample in that pass : c0050df92453cb74bc67156f955f16af
Fiddler sent to VT.

Nuclear Pack:
2015-07-01

Nuclear Pack exploiting CVE-2015-3113 - 2015-07-01

Sample in that pass : fe02162a66d69390387546da10f471ac
Fiddler sent to VT

RIG :
2015-07-01
RIG exploiting CVE-2015-3113 - 2015-07-01
Sample in that pass : acddddb999edeb9188ebc3e6b0177854
Fiddler sent to VT

Neutrino :
2015-07-01

Neutrino takes advantage of CVE-2015-3113 - 2015-07-01
Sample in that pass: f6ad811cd610b97fba4be4d1cb554fd7
Fiddler sent to VT

Read More :
Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign - 2015-06-23 - FireEye
New Adobe Zero-Day Shares Same Root Cause as Older Flaws - 2015-06-24 - Peter Pi - TrendMicro