A fileless Ursnif doing some POS focused reco

Mission Impossible via Brixe63
At the beginning of June, I noticed a "different" Angler pass: no drop, and Ursnif callbacks.
FileLess Angler Pass and Ursnif Callback, Mon, 01 Jun 2015 14:48:06 GMT
I had already encountered that "small Ursnif" multiple times. In November, for instance, an 18 KB sample was pushed in Bedep: 380278c243a03c70dba89af2e6d4916f (grabbing a sample doing…

Kovter AdFraud is updating Flash Player (and Internet Explorer)

Checking my systems, I noticed multiple VMs trying to grab the latest version of Flash and thought they were not properly set up, allowing Flash Player to auto-update (which we obviously do not want: we want to keep them exploitable and also avoid behavioural/network noise). Looking a little more carefully, I understood…

CVE-2015-3113 (Flash up to 18.0.0.160) and Exploit Kits

Patched four days ago (2015-06-23) with Flash 18.0.0.194, CVE-2015-3113 was spotted as a 0day by FireEye, exploited in limited targeted attacks. It's now making its way to Exploit Kits.
Magnitude: 2015-06-27
Magnitude successfully exploiting Flash 18.0.0.160 on IE11 in Windows 7 on 2015-06-27, dropping 2 instances of Cryptowall Ransomware.
Sample in that pass…

CVE-2015-3104/3105 (Flash up to 17.0.0.188) and Exploit Kits

Spotted by TrendMicro, Magnitude is now exploiting CVE-2015-3105, patched with Flash 18.0.0.160.
Magnitude: 2015-06-16
Magnitude successfully exploiting Flash 17.0.0.188 in IE11 on Windows 7 and pushing 2 Cryptowall, 2015-06-16.
Flash sample in that pass: 58d1022923950ad1452c72f46b1ee3d0 (Fiddler sent to VT)
Angler EK: 2015-06-17
[Edit: In a previous version I wrote it was CVE-2015-3105. Fixed after I received…

Fast look at Sundown EK

Sun Down - Top Gun
Disclaimer: There is nothing worth a post there... except mentioning this EK is around. I would put that "kit" in the same sad basket as Archie (same level, same kind of traffic source). The exploit kit has been out there since the middle of April. I first heard about it…