[Kafeine]

CVE-2012-1723
Other one is unknown

Bart, looking at your file this looks like from Sweet Orange.
So chance are high that it's CVE-2013-0431 with Serialization.
Cf:

Code: Select all

   String str = "co00m.su000n.j000mx.mbe00anser00ver.MB00eanInst0ant00iat0or";

[secObs]

CVE-2012-1723
Other one is unknown

Bart, looking at your file this looks like from Sweet Orange.
So chance are high that it's CVE-2013-0431 with Serialization.
Cf:

Code: Select all

   String str = "co00m.su000n.j000mx.mbe00anser00ver.MB00eanInst0ant00iat0or";

Yes, it's CVE-2013-0431.

CVE-2013-0431 uses a vulnerability of the Introspector class.



In attach:
- CVE-2013-0422 from Fiesta and Redkit
- CVE-2013-0431 from BlackHole and Sweet Orange

[Blaze]

Figured, thanks for the confirmation guys!

[secObs]

In attach:
- CVE-2013-1493 from Sibhost "Exploit Kit" with encoded Urausy inside.
- CVE-2013-0431 from Neutrino

[Squirl]

From Blackhole
CVE 2013-0422

Jar and Executable in attached

[secObs]

From Blackhole
CVE 2013-0422

Jar and Executable in attached

This is CVE-2013-0431 not 0422, anyhow thank you for sharing.

[Squirl]

Yep, you're quite right! Rushed my analysis a bit :?

[Squirl]

RedKit exploiting 2013-0422 (VT confirms :) ) together with all payloads.

[N3mes1s]

CVE-2012-1723 dropped from redkit boston.html campaign

https://www.virustotal.com/en/file/0bf5 ... 366289246/

[Blaze]

CVE-2013-1493 attached.