2012-08-30 - Evolution

CVE-2012-4681 - Redkit Exploit Kit - I want Porche Turbo


Not making the headlines, but still effective (it doesn't need a 0-day to reach a 20% break rate), Redkit Exploit Kit has also (again... no news here) integrated the latest Java vulnerability.

polremo.pl/censored.html
Funny message on successful trigger of the Redkit landing page


[[ Reminds me of one of the first domains used for Gimemo Ransomware landings: "nextcarferrari.com"
Domain used in the Gimemo Ransom campaign
]]

polremo.pl/88censored.jar --> 5b0bc70c76c7c48fc34105591e5837fe
polremo.pl/33censored.jar (HTTP 404)

CVE-2012-4681 piece of code found in a jar dropped by Redkit Exploit Kit
In fact, I was expecting more obfuscation in the code from this finely tuned EK.
Note that, as with Sakura, the final payload did not reach the targeted computer (but I can't tell why).

Posts on this blog about Redkit:
Inside RedKit Exploit Kit - Exploit Kit Customer Control Panel 2012-05-05
#Redkit not so red anymore - Adaptation in action 2012-05-08
Redkit - one account = one color 2012-06-22