Discovered being exploited in the wild by FireEye [1] on May 8, 2016, and patched 4 days later with Flash 21.0.0.242, CVE-2016-4117 is making its way into exploit kits.
Magnitude :
CVE confirmed by FireEye - Thanks !
On 2016-05-21, Magnitude is firing an exploit at Flash versions up to 21.0.0.213.
Magnitude firing exploit at Flash 21.0.0.213 - 2016-05-21
import com.adobe.tvsdk.mediacore.timeline.operations.DeleteRangeTimelineOperation;
Magnitude Flash exploit showing the import of DeleteRangeTimelineOperation
Fiddler sent here.
Updates to come as it appears to be a work in progress.
Neutrino :
2016-05-23
Spotted by Eset.
2016-05-23 Neutrino successfully exploits CVE-2016-4117 on Flash 21.0.0.213 and here drops CryptXXX
Fiddler sent here. Password is malware.
Out of topic payload: 110891e2b7b992e238d4afbaa31e165a6e9c25de2aed442574d3993734fb5220 CryptXXX
Angler EK:
2016-05-23
CVE identification by Henri Nurmi from F-Secure. Thanks !
Angler EK successfully exploits Flash 21.0.0.213 on 2016-05-23, dropping Dridex
Fiddler sent here
Out of topic payload : 99a6f5674b738591588416390f22dedd8dac9cf5aa14d0959208b0087b718902
Most likely Dridex 123 targeting Germany based on distribution path.
Read More:
[1] CVE-2016-4117: Flash Zero-Day Exploited in the Wild - 2016-05-13 - Genwei Jiang - FireEye
[2] New Flash Vulnerability CVE-2016-4117 Shares Similarities With Older Pawn Storm Exploit - 2016-05-13 - Moony Li - TrendMicro