One week after the patch, Flash 19.0.0.245 is being exploited by Angler EK via CVE-2015-8446
Angler EK :
2015-12-14
CVE identification by Anton Ivanov (Kaspersky) and FireEye (Thanks!)
Angler EK exploiting Flash 19.0.0.245 via CVE-2015-8446 (2015-12-14)
Sample in that pass: b5920eef8a3e193e0fc492c603a30aaf
Samples from another Angler EK instance: 0615fb9e037b7bf717cc9b04708e51da, 720089b93a0f2bb2a72f1166430de522
Fiddler sent to VT.
(Not replayable. You know how to contact me to land on live instances. I might not reply to mail coming from gmail, live, yahoo, etc. mailboxes.)
Off topic: in that pass, Bedep BuildID 5004 is loaded in memory and then grabs these 2 DLLs in a stream:
f5c1a676166fe3472e6c993faee42b34
d65f155381d26f8ddfa304c83b1ad95a
and after that performs ad fraud.
CVE-2015-8446 in Angler EK - malicious mp3 is stored in encrypted JSON (same schema as in CVE-2015-5560). pic.twitter.com/FCyvP43Q0X
— Anton Ivanov (@antonivanovm), December 17, 2015
The last safe version of Flash against commercial exploit kits was 19.0.0.226, which fixed CVE-2015-7645.
Post-publication readings:
(Google Translate) Angler EK latest CVE-2015-8446 Flash Exploit analysis - 2015-12-19 - Qihoo360