SPL exploit kit – now with CVE-2013-0422

From Botnets.fr

Exploit kits: SPL Pack
Vulnerability: CVE-2013-0422, CVE-2012-1723
Date: 2013 / 2013-01-14
Link: http://ondailybasis.com/blog/2013/01/14/spl-exploit-kit-now-with-cve-2013-0422/ (Archive copy)
Author: Denis Laskov

Abstract

Once in a few days I see some new stuff (for me, of course) and Google cannot answer me with enough details :)

Friends, WTF is SPL Exploit Kit? urlquery.net/report.php?id=… << sample detection by @urlquery.

— Denis Laskov (@it4sec) January 7, 2013

So URLquery named it SPL Exploit kit, and almost no additional info about it is present. Weird? Yep.

So me and @nsmfoo had a look at it, to see what we can learn.

Well, first of all, as I understand, the name of this EK was given based on some tech specs that return in each installation detected. Since then the tech details have slightly changed, but the major idea is the same.

Ok, let's begin…

Bibtex

 @misc{2013BFR1833,
   editor = {},
   author = {Denis Laskov},
   title = {SPL exploit kit – now with CVE-2013-0422},
   date = {14},
   month = Jan,
   year = {2013},
   howpublished = {\url{http://ondailybasis.com/blog/2013/01/14/spl-exploit-kit-now-with-cve-2013-0422/}},
 }