2015-05-27 - Exploit Integration

CVE-2015-3090 (Flash up to and Exploit Kits

As spotted by FireEye, Angler EK is now exploiting CVE-2015-3090 patched with Flash

Angler EK :

Only in a few instances for now.
Angler EK successfully exploiting Flash on Windows 7 running Internet Explorer 11
to push Bedep and an Adfraud module.
Sample in that pass : 6cb6701ba9f78e2d2dc86d0f9eee798a
Fiddler sent to VT

Nuclear Pack :

Thanks to Dan Caselden (FireEye), Timo Hirvonen (F-Secure) and Ladislav Janko (Eset) for CVE identification.
Nuclear Pack successfully exploiting Flash in Internet Explorer 11 on Windows 7
to push Andromeda
Sample in that pass : 9545257d3799f1b4d9cc00ae01a1b147
Fiddler sent to VT

Magnitude :

Thanks to Anton Ivanov (Kaspersky) for CVE identification.
Magnitude exploiting Flash to drop Cryptowall
Sample in that pass : 645162c4eca4a8ec5a5d7d3f4f8b57fe
Fiddler sent to VT

Neutrino :

Thanks to Anton Ivanov (Kaspersky) and Microsoft for CVE identification.
Neutrino exploiting Flash to drop Andromeda
Sample in that pass : 4e543ae5bafe9a1a1a8f6e8923c5d8a8
Fiddler sent to VT


Thanks to Matt Oh (Microsoft) for CVE id confirmation

RIG firing a Flash file containing code to exploit CVE-2015-3090
to drop Urausy (sic), 2015-06-06
Sample in that pass : 1471988ec0f4c15b0d3b4d728af080d9
Fiddler sent to VT.

Read more :
Angler EK Exploiting Adobe Flash CVE-2015-3090 - 2015-05-26 - Sai Omkar Vashisht, Corbin Souffrant, Yasir Khalid, Dan Caselden  - FireEye

Post Publication Reading :
Adobe Flash Player ShaderJob Buffer Overflow - 2015-06-19 - PacketStorm