While other exploit kits are struggling to keep up with Angler (none of them is firing CVE-2015-8446, perhaps because of the Diffie-Hellman protection on Angler's exploit delivery),
- Nuclear, Magnitude and Neutrino's latest exploits date from October (CVE-2015-7645)
- RIG and Sundown are still relying on July exploits (the Hacking Team one, CVE-2015-5122) (all of them also have the IE exploit, CVE-2015-2419, from August)
Angler has just integrated CVE-2015-8651, patched in Flash 20.0.0.270 on 2015-12-28 (APSB16-01).
Angler EK: 2016-01-25
The exploit may have been there since the 22nd, judging by some header modifications that appeared that day.
It is not yet pushed in all Angler EK threads, but it is already widely spread.
Thanks to Anton Ivanov (Kaspersky) for the CVE identification!
CVE-2015-8651 (and CVE-2015-2419) being successfully exploited by Angler EK to load Bedep in memory - 2016-01-25
---
Another pass via the "noisy" CryptoWall "crypt13x" actor, whose threads also carry it:
CVE-2015-8651 being successfully exploited by Angler EK to load CryptoWall (crypt13001) from the widely spread and widely covered "crypt13x" actor thread - 2016-01-25
(Off-topic payload: 5866906a303b387b9918a8d7f8b08a51 - CryptoWall crypt13001)
I have been told by ESET that the exploit is successful on Flash 20.0.0.235 and Firefox.
Read more:
(Google Translate, via @eromang) Overseas "Dark Hotel" group launches APT attacks against domestic business executives - 2015-12-31 - ThreatBook
Post-publication reading:
An Analysis on the Principle of CVE-2015-8651 - Antiy Labs - 2016-01-26