CVE-2015-7645 has been fixed in Adobe Flash Player 220.127.116.11. Spotted in the wild (2015-10-13) in APT28's exploit kit by TrendMicro, this exploit had already been reported to Adobe two weeks earlier (2015-09-29) by Natalie Silvanovich.
"I reported the Flash 0-day (CVE-2015-7645) two weeks before it was found in the wild https://t.co/nYeAWRG5jO" - Natalie Silvanovich (@natashenka), 16 October 2015
It has now made its way into exploit kits.
Angler EK:
CVE id confirmed by Kaspersky.
|Angler EK successfully exploiting Flash 18.104.22.168|
Another sample: bea824974f958ac4efc58484a88a9c18
One more from the Poweliks instance: 0d72221d41eff55dcfd0da50cd1c545e
Fiddler capture (not replayable) sent to VT
a9d5a9a997954f5421c94ac89d2656cd Vawtrak (that one was not expected in that infection path)
Nuclear Pack, which has been playing with its landing URI pattern lately, has integrated it.
|CVE-2015-7645 in Nuclear Pack on 2015-10-30|
Off-topic payload: 0b3de2a8d838883e10a1d824d20fe95c Kelihos Loader (harsh02)
Fiddler sent to VT
|Magnitude trying to exploit CVE-2015-7645|
No payload, but the actor behind that thread would like to see you Cryptowalled. An update might come.
No surprise here, as Spartan is the work of the coder of Nuclear Pack.
Note: old versions of Chrome (<= 43.0.257) and Firefox (< 38) seem to be falling as well.
Spartan pushing Pony and Alphacrypt via CVE-2015-7645
Sample in that pass: 1c074c862d3e25ec9674e6bd62965ad8 (another one: 66f34cd7ef06a78df552d18c729ae53c)
(Off-topic payload: Pony 29c940f9d0805771e9c7ec8a5939fa25 (22.214.171.124 /myadvert/autoget.php) and Cryptowall 74ebff4acc4ad9c2a2e665ff293c02e6. NB: earlier today the drops were Pony and Alphacrypt.)
Fiddler sent to VT
Most probably appeared 2015-10-16
|Necurs being dropped by Neutrino via CVE-2015-7645|
(Off-topic payload: Necurs a83a96e87e80adef1e4598a645f2918c)
Fiddler sent to VT
Read more:
Adobe Flash: Type Confusion in IExternalizable.writeExternal When Performing Local Serialization - 2015-09-29 - Natalie Silvanovich
New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries - 2015-10-13 - Feike Hacquebord - Brooks Li - Peter Pi - TrendMicro
Latest Flash Exploit Used in Pawn Storm Circumvents Mitigation Techniques - 2015-10-16 - Peter Pi - TrendMicro