Zero Day Java Exploits(All Java Exploits goes here)

Forum for analysis and discussion about malware.

Re: Java 0day CVE-2013-1493

Post by Squirl » Tue Mar 05, 2013 2:26 pm

And here's the Jar

Re: Zero Day Java Exploits(All Java Exploits goes here)

Post by Blaze » Thu Mar 07, 2013 8:16 am

CVE-2013-0422 in attach.


Also relevant:
Oracle Java Exploits and 0days Timeline
http://eromang.zataz.com/uploads/oracle ... eline.html
Follow me on Twitter: @bartblaze

Re: Zero Day Java Exploits(All Java Exploits goes here)

Post by Blaze » Wed Mar 13, 2013 3:22 pm

(Most probably) CVE-2013-0431 in attach.

Related blogpost: http://bartblaze.blogspot.com/2013/03/e ... where.html

Re: Zero Day Java Exploits(All Java Exploits goes here)

Post by EP_X0FF » Wed Mar 13, 2013 3:27 pm

Blaze wrote: (Most probably) CVE-2013-0431 in attach.

Related blogpost: http://bartblaze.blogspot.com/2013/03/e ... where.html


Thanks for sharing, can you attach executable payload?
Ring0 - the source of inspiration

Re: Zero Day Java Exploits(All Java Exploits goes here)

Post by Blaze » Wed Mar 13, 2013 3:35 pm

All files gathered as mentioned in blogpost (+ today's files) attached.

Payload: xydyswylmylh.exe
MD5: 22f3c0fd2a5d9e1799699097836bb5dc

Re: Zero Day Java Exploits(All Java Exploits goes here)

Post by EP_X0FF » Thu Mar 14, 2013 6:57 am

Blaze wrote: All files gathered as mentioned in blogpost (+ today's files) attached.

Payload: xydyswylmylh.exe
MD5: 22f3c0fd2a5d9e1799699097836bb5dc


Unpacked Cutwail in attach.

Re: Zero Day Java Exploits(All Java Exploits goes here)

Post by maddy » Fri Mar 15, 2013 1:55 am

Hi,

CVE_2013_0634

SWF_FILE

-maddy

Re: Zero Day Java Exploits(All Java Exploits goes here)

Post by Squirl » Tue Mar 19, 2013 4:12 pm

Spam campaign serving up Blackhole.
http://www.symantec.com/connect/blogs/p ... ds-malware

URLs used in the campaign:
hxxp://aven-clan.net76.net/popesued.html
hxxp://daewoo.maglan.ru/popesued.html
hxxp://7887.ru/popesued.html
hxxp://dota-soul.ru/popesued.html

All samples currently redirect to:
hxxp://webpageparking.net/kill/borrowin ... esting.php

Domain hosted at the following IPs:

webpageparking.net 24.111.157.113 (Grand Forks, ND, US)
webpageparking.net 109.74.61.59 ()
webpageparking.net 58.26.233.175 (Kuala Lumpur, 14, MY)
webpageparking.net 155.239.247.247 (Parow, 11, ZA)
Associated bad domains:


Payload:

Exploits CVE-2013-0431 – abuses findClass method from com.sun.jmx.mbeanserver.MBeanInstantiator (actual exploit occurs in test2.class)

5/45 https://www.virustotal.com/en/file/fd40 ... /analysis/

Server-side poly Zbot

Re: Zero Day Java Exploits(All Java Exploits goes here)

Post by Blaze » Wed Mar 20, 2013 9:32 am

CVE-2012-1723
CVE-2013-0422

One loads Reveton, the other one Urausy.

Re: Zero Day Java Exploits(All Java Exploits goes here)

Post by Blaze » Sat Mar 30, 2013 1:56 pm

CVE-2012-1723
Other one is unknown
