Cool Exploit Kit - A new Browser Exploit Pack on the Battlefield with a "Duqu" like font drop

From Botnets.fr


Botnet:
Malware:
Botnet/malware group:
Exploit kits: Cool Exploit Kit
Services:
Feature:
Distribution vector:
Target:
Origin:
Campaign:
Operation/Working group:
Vulnerability:
CCProtocol:
Date: 2012 / 2012-10-09
Editor/Conference:
Link: http://malware.dontneedcoffee.com/2012/10/newcoolek.html
Author: Kafeine
Type:

Abstract

A few days ago I discovered that a bunch of reverse proxies that I was linking to the same Blackhole Exploit Kit were in fact linked to 2 different Blackhole servers (quite surely operated by the same team; I saw reverse proxies being redirected from one server to another one).

Trying to build a signature to know which server was behind a specific reverse proxy, I found a new exploit kit.

Bibtex

@misc{Kafeine2012BFR1226,
  editor = {},
  author = {Kafeine},
  title = {Cool Exploit Kit - A new Browser Exploit Pack on the Battlefield with a "Duqu" like font drop},
  day = {09},
  month = oct,
  year = {2012},
  howpublished = {\url{http://malware.dontneedcoffee.com/2012/10/newcoolek.html}},
}