Zero Day Java Exploits(All Java Exploits goes here)

Forum for analysis and discussion about malware.

Re: Zero Day Java Exploits(All Java Exploits goes here)

Post by secObs » Thu Jan 10, 2013 3:20 pm

Here is the new Java 0-day jar used by Blackhole. The exploit downloads Zbot.

Both files in attachment.

Jar: 483b40f21a9e97f0dc6c88a21fddc1ec
Zeus: f0e4b2c0e73d20cc535834b0d7faa6c2

Re: Zero Day Java Exploits(All Java Exploits goes here)

Post by WawaSeb » Thu Jan 10, 2013 9:12 pm

Hello,

Here's decrypted source : http://pastebin.com/raw.php?i=cUG2ayjh
Hope it's not already included in this topic.

Re: Zero Day Java Exploits(All Java Exploits goes here)

Post by WawaSeb » Sat Jan 12, 2013 9:13 am

WawaSeb wrote:Hello,

Here's decrypted source : http://pastebin.com/raw.php?i=cUG2ayjh
Hope it's not already included in this topic.


Interesting analysis : https://partners.immunityinc.com/idocs/ ... alysis.pdf

Re: Zero Day Java Exploits(All Java Exploits goes here)

Post by p4r4n0id » Sat Jan 12, 2013 9:20 am

Cassiel wrote: This is predicting trouble, any chances we can get a sample of what is being dropper/jar?

EDIT:

Kafeine did full disclosure, I have added his files here


JoeBox analysis for UTTER-OFFEND.exe (MD5: 237f8ffc0c24191c5bb7bd9099802ee4)

http://joe4security.blogspot.ch/2013/01 ... nical.html

p4r4n0id

Re: Zero Day Java Exploits(All Java Exploits goes here)

Post by Xylitol » Sun Jan 13, 2013 8:08 pm

Silent jdb, cve 2013-0422 from Adwind Web Fake 1.4 (hackforums.net/showthread.php?tid=3128940)
https://www.virustotal.com/file/10f09d0 ... 358106689/ > 0/46
https://rstforums.com/forum/63344-java-0day-cve-2013-0422-1-7u10.rst

also just saw this pdf 0day:
https://damagelab.org/index.php?showtopic=23552&st=0

Re: Zero Day Java Exploits(All Java Exploits goes here)

Post by 360Tencent » Wed Jan 16, 2013 10:48 am


Re: Zero Day Java Exploits(All Java Exploits goes here)

Post by Cody Johnston » Sat Jan 19, 2013 8:48 pm

Looks like there are still some holes in Java 7 Update 11:

http://seclists.org/fulldisclosure/2013/Jan/142

Re: Zero Day Java Exploits(All Java Exploits goes here)

Post by secObs » Mon Feb 18, 2013 10:59 pm

@EKwatcher has spotted Cool EK using CVE-2013-0431.

It drops Reveton and isn't heavily obfuscated.

Detection 2/45
https://www.virustotal.com/en/file/c..d9c/analysis/

MD5: 97ad65a3458e4d8551e4bc0ff4a8f97c
SHA-1: 98c61c132a918766c7565a719274fdefab33f7ff

Java 0day CVE-2013-1493

Post by Mr52 » Mon Mar 04, 2013 4:40 pm

Hi, I'm looking for a particular sample of the
0-day Java sample listed here http://blog.fireeye.com/research/2013/0 ... day-2.html
with sha256 ae3cf092e35c83958f527ab7ac7b21ac1b11772a91aaacd8ae69a91baaa7d0ae
Sample names
sample.jar
jar_cache4445970813497302613.tmp
sample.dat

Thank you.

Re: Java 0day CVE-2013-1493

Post by Squirl » Tue Mar 05, 2013 1:38 pm

I'm just working on obtaining the Jar - in the meantime, here's the payload after a successful exploit.