Spotted by Symantec in the wild patched with MS16-051 in may 2016, CVE-2016-0189 is now being integrated in Exploit Kit.
Neutrino Exploit Kit :
Here 2016-07-13 but i am being told that i am late to the party.
It's already [CN] documented here
 |
| Neutrino after ScriptJS redirector dropping Locky Affid 13- 2016-07-13 |
(Out of topic payload : 300a51b8f6ad362b3e32a5d6afd2759a910f1b6608a5565ddee0cad4e249ce18 - Locky Affid 13 )
Thanks to Malc0de for invaluable help here :)
Files Here:Neutrino_CVE-2016-0189_160714 (Password is malware - VT Link)
Edits :
2016-07-15 a previous version was stating CVE-2015-5122 for nw23. Fixed thanks to @dnpushme
Read More :
[CN] NeutrinoEK来袭:爱拍网遭敲诈者病毒挂马 2016-07-14 - Qihoo360
Patch Analysis of CVE-2016-0189 - 2016-06-22 - Theori
Internet Explorer zero-day exploit used in targeted attacks in South Korea - 2016-05-10 - Symantec
Neutrino EK: fingerprinting in a Flash - 2016-06-28 - Malwarebytes
Post publication Reading :
Exploit Kits Quickly Adopt Exploit Thanks to Open Source Release - 2016-07-14 - FireEye
Post publication Reading :
Exploit Kits Quickly Adopt Exploit Thanks to Open Source Release - 2016-07-14 - FireEye