Patched with Flash 16.0.0.296, CVE-2015-0311 was first seen exploited by Angler EK (2015-01-20) and soon after used in "standalone" mode in a huge malvertising campaign, pushing either Reveton or Bedep (doing adfraud and grabbing malware: Pony mostly, from what I saw).
CVE-2015-0311 used in standalone mode to drop Bedep, grab Pony and perform adfraud - 2015-01-28
Here are some MD5s for the CVE-2015-0311 exploit as fired by Angler EK:
a956021a2a8b6351e94f11e4b799c97e - 2015-01-21 <- First spotted as such and shared.
cacd5a2271e204f3ce561cf3ca08d12c - 2015-01-22
7aff26e0ea8523c8086692a2f35fd20c - 2015-01-23
ea14f42ba6ff9f4b39158864ec98dd35 - 2015-01-25
8f45fdb14f81cd154090922769137387 - 2015-01-27 <- Once the exploit was extended to all Angler threads.
(Note: all were sent almost live to VT. Interestingly, only one MD5 leaked publicly before the patch.)
CVE-2015-0311 was integrated into RIG today.
RIG: 2015-01-29
[Note that CVE-2014-6332 is in RIG as well. I'll update the associated post soon.]
CVE ID confirmed by Kaspersky (thanks!)
RIG successfully exploits Windows 8.1 / IE11 / Flash 16.0.0.257 using CVE-2015-0311 - 2015-01-29
E:\\CrackAndHack\\targets\\Flash\\exploits\\y0lny\\new4\\fd\\src;;_SafeStr_12.as
Fiddler sent to VT. (Not shared here on purpose. No need to ask in comments why: the break % is still too high.)
Sample: 196467aa4e6e1c2a66b49d465d37f9b9
[Edit] First rotated sample after this post: 270c1ff742a50a13ae68d4c88b700017 [/Edit]
FIESTA: 2015-01-31
Fiesta successfully exploits Windows XP / IE8 / Flash 16.0.0.257 using CVE-2015-0311 (Fiesta logo courtesy of FoxIT).
Fiddler sent to VT.
Read More:
A Different Exploit Angle on Adobe's Recent Zero-Day - 2015-01-27 - Dan Caselden, Corbin Souffrant, James T. Bennett - FireEye
Top adult site xHamster involved in large malvertising campaign - 2015-01-27 - Malwarebytes Labs
Analyzing CVE-2015-0311: Flash Zero Day Vulnerability - 2015-01-26 - Peter Pi - TrendMicro