Cool Exploit Kit - A new Browser Exploit Pack on the Battlefield with a "Duqu" like font drop

From Botnets.fr
Revision as of 18:00, 7 February 2015 by Eric.freyssinet (talk | contribs) (Text replacement - " malware.dontneedcoffee.com" to "")


Exploit kits: Cool Exploit Kit
Date: 2012-10-09
Link: http://malware.dontneedcoffee.com/2012/10/newcoolek.html
Author: Kafeine

Abstract

A few days ago I discovered that a bunch of reverse proxies that I was linking to the same Blackhole Exploit Kit were in fact linked to two different Blackhole instances (quite surely operated by the same team; I saw reverse proxies being redirected from one server to another).

Trying to build a signature to know which server was behind a specific reverse proxy, I found a new exploit kit.
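The abstract mentions building a signature to tell which backend sits behind each reverse proxy. The following is an added illustration of that fingerprinting step, written for this page; it is not Kafeine's code and not from the original post. It assumes a backend leaks identity through stable traits of its HTTP responses (status line, order of non-volatile header names, the Server header, and the shape of the ETag value). The proxy hostnames and the response heads are constructed sample data, not captured traffic.

```python
"""Group reverse proxies by the backend they front, using a response signature.

Added example for this page (not Kafeine's code). Assumption: a backend
leaks identity through stable response traits. Sample data is constructed.
"""
from collections import defaultdict
import re

# Constructed sample: raw HTTP response heads as seen through five reverse
# proxies (hypothetical hostnames). a/c front one backend, b/d another,
# e a third with the same Server banner as b/d but a different header layout.
SAMPLE_RESPONSES = {
    "proxy-a.example": (
        "HTTP/1.1 200 OK\r\nDate: Tue, 09 Oct 2012 10:00:00 GMT\r\n"
        "Server: nginx/1.2.1\r\nContent-Type: text/html\r\n"
        "ETag: \"5071b2c0-2f\"\r\nContent-Length: 47\r\n\r\n"
    ),
    "proxy-b.example": (
        "HTTP/1.1 200 OK\r\nDate: Tue, 09 Oct 2012 10:00:03 GMT\r\n"
        "Server: Apache/2.2.22 (Debian)\r\nX-Powered-By: PHP/5.3.3-7+squeeze14\r\n"
        "Content-Type: text/html\r\nContent-Length: 47\r\n\r\n"
    ),
    "proxy-c.example": (
        "HTTP/1.1 200 OK\r\nDate: Tue, 09 Oct 2012 10:01:12 GMT\r\n"
        "Server: nginx/1.2.1\r\nContent-Type: text/html\r\n"
        "ETag: \"5071b3d8-2f\"\r\nContent-Length: 47\r\n\r\n"
    ),
    "proxy-d.example": (
        "HTTP/1.1 200 OK\r\nDate: Tue, 09 Oct 2012 10:02:40 GMT\r\n"
        "Server: Apache/2.2.22 (Debian)\r\nX-Powered-By: PHP/5.3.3-7+squeeze14\r\n"
        "Content-Type: text/html\r\nContent-Length: 52\r\n\r\n"
    ),
    "proxy-e.example": (
        "HTTP/1.1 200 OK\r\nDate: Tue, 09 Oct 2012 10:03:05 GMT\r\n"
        "Server: Apache/2.2.22 (Debian)\r\nContent-Type: text/html\r\n"
        "Connection: close\r\nContent-Length: 47\r\n\r\n"
    ),
}

# Headers that change per request or per proxy hop, so they must not feed the
# signature; everything else is treated as a backend trait.
VOLATILE = {"date", "content-length", "set-cookie", "connection"}


def parse_head(raw):
    """Split a raw response head into its status line and (name, value) pairs."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def signature(raw):
    """Backend signature: status line, stable header order, Server, ETag shape."""
    status, headers = parse_head(raw)
    order = tuple(name for name, _ in headers if name not in VOLATILE)
    fields = dict(headers)
    server = fields.get("server", "")
    # Keep the ETag's punctuation and length but drop the hex content, which
    # differs per resource/mtime even on the same backend.
    etag_shape = re.sub(r"[0-9a-fA-F]", "x", fields.get("etag", ""))
    return (status, order, server, etag_shape)


def cluster_proxies(responses):
    """Map each distinct signature to the sorted list of proxies showing it."""
    groups = defaultdict(list)
    for host, raw in responses.items():
        groups[signature(raw)].append(host)
    return {sig: sorted(hosts) for sig, hosts in groups.items()}


if __name__ == "__main__":
    for sig, hosts in cluster_proxies(SAMPLE_RESPONSES).items():
        print(sig, "->", hosts)
```

Header order alone already separates proxy-e from b/d despite the identical Server banner; the ETag normalisation is what keeps a and c together even though their ETag values differ. In practice the same request path should be fetched through every proxy, since different resources produce different headers on the same backend.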

Bibtex

 @misc{2012BFR1226,
   editor = {},
   author = {Kafeine},
   title = {Cool Exploit Kit - A new Browser Exploit Pack on the Battlefield with a "Duqu" like font drop},
   day = {09},
   month = Oct,
   year = {2012},
   howpublished = {\url{http://malware.dontneedcoffee.com/2012/10/newcoolek.html}},
 }