Difference between revisions of "Cool Exploit Kit - A new Browser Exploit Pack on the Battlefield with a "Duqu" like font drop"
m (1 revision imported) |
m (Text replacement - " malware.dontneedcoffee.com" to "") |
||
Line 5: | Line 5: | ||
|Licence= | |Licence= | ||
|Video= | |Video= | ||
|Link=http://malware.dontneedcoffee.com/2012/10/newcoolek.html | |Link=http://malware.dontneedcoffee.com/2012/10/newcoolek.html | ||
|Author=Kafeine, | |Author=Kafeine, | ||
|NomRevue=Malware.dontneedcoffee.com | |NomRevue=Malware.dontneedcoffee.com |
Latest revision as of 19:00, 7 February 2015
Cool Exploit Kit - A new Browser Exploit Pack on the Battlefield with a "Duqu" like font drop | |
---|---|
Botnet | |
Malware | |
Botnet/malware group | |
Exploit kits | Cool Exploit Kit |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 2012-10-09 |
Editor/Conference | |
Link | http://malware.dontneedcoffee.com/2012/10/newcoolek.html (Archive copy) |
Author | Kafeine |
Type |
Abstract
“A few days ago I discovered that a bunch of reverse proxies that I was linking to the same Blackhole Exploit Kit were in fact linked to 2 different Blackhole (quite surely operated by the same team - I saw reverse proxies being redirected from one server to another one).
Trying to build a signature to know which server was behind a specific reverse, I found a new exploit kit.”
Bibtex
@misc{2012BFR1226, editor = {}, author = {Kafeine}, title = {Cool Exploit Kit - A new Browser Exploit Pack on the Battlefield with a "Duqu" like font drop}, date = {09}, month = Oct, year = {2012}, howpublished = {\url{http://malware.dontneedcoffee.com/2012/10/newcoolek.html}}, }