2015-12-15 - Exploit Integration

CVE-2015-8446 (Flash up to And Exploit Kits

One week after the patch, Flash is being exploited by Angler EK via CVE-2015-8446.

Angler EK:
CVE identification by Anton Ivanov (Kaspersky) and FireEye (Thanks!)
Angler EK exploiting Flash via CVE-2015-8446

Sample in that pass: b5920eef8a3e193e0fc492c603a30aaf
Sample from other Angler EK instance: 0615fb9e037b7bf717cc9b04708e51da 720089b93a0f2bb2a72f1166430de522

Fiddler sent to VT.
(Not replayable. You know how to contact me to land on live instances. I might not reply to mail coming from gmail, live, yahoo, etc. mailboxes.)

Off topic: in that pass, Bedep BuildID 5004 is loaded in memory and then grabs those 2 DLLs in a stream:
d65f155381d26f8ddfa304c83b1ad95a (Credential Stealer)
After that, it performs ad fraud.

The last version of Flash that was safe against commercial exploit kits was the one fixing CVE-2015-7645.

Post-publication readings:
(Google Translate) Angler EK latest CVE-2015-8446 Flash Exploit analysis - 2015-12-19 - Qihoo360