Cool Exploit Kit - A new Browser Exploit Pack on the Battlefield with a "Duqu" like font drop
Cool Exploit Kit - A new Browser Exploit Pack on the Battlefield with a "Duqu" like font drop | |
---|---|
Botnet | |
Malware | |
Botnet/malware group | |
Exploit kits | Cool Exploit Kit |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 2012-10-09 |
Editor/Conference | |
Link | http://malware.dontneedcoffee.com/2012/10/newcoolek.html (Archive copy) |
Author | Kafeine |
Type |
Abstract
“A few days ago I discovered that a bunch of reverse proxies that I was linking to the same Blackhole Exploit Kit were in fact linked to 2 different Blackhole (quite surely operated by the same team - I saw reverse proxies being redirected from one server to another one).
Trying to build a signature to know which server was behind a specific reverse, I found a new exploit kit.”
Bibtex
@misc{2012BFR1226,
  editor = {},
  author = {Kafeine},
  title = {Cool Exploit Kit - A new Browser Exploit Pack on the Battlefield with a "Duqu" like font drop},
  date = {09},
  month = Oct,
  year = {2012},
  howpublished = {\url{http://malware.dontneedcoffee.com/2012/10/newcoolek.html}},
}