As reported by Malwarebytes and FireEye, Nuclear Pack is now taking advantage of a vulnerability patched with the last version of Flash Player (17.0.0.134).
Nuclear Pack : Thanks @TimoHirvonen for CVE identification
Appeared there in the morning of 2015-03-19 with this sample : cff213130ade23a2d03423305cff0639.
CVE-2015-0336 fired by Nuclear Pack 2015-03-20
Nuclear Pack is firing both CVE-2015-0311 and CVE-2015-0336 depending on the instance you land on. The CVE-2015-0336 has rotated today :
c316dc31b8d4f85e655e15aa75c7b999 and later:
8c129a72b64580e0d1cf4d1e2324eb0f
Fiddler pushed to VT : Here
2015-03-20 - 17h rewording to avoid confusion. The two Flash CVEs are not in the same sample.
NB : the exploit does not seem really reliable. I won't detail for obvious reasons.
Read More :
CVE-2015-0336 Nuclear EK - FireEye - 2015-03-19
Nuclear EK leverages recently patched Flash vulnerability - Malwarebytes - 2015-03-19