Exploit Packs OverView(4.3)

360Tencent

Exploit pack 是很多恶意软件的源头，下面这个列表是博主通过各种渠道收集到的部分流传较广的Exploit Kit近期的变化，附件是电子版,顺便说一句Exploit Kit 的价格比安全软件高了不是一星半点：）





http://contagiodump.blogspot.com ... ks-update.html#more

1. Blackhole Exploit Kit 1.2.3
Added:
CVE-2011-0559 - Flash memory corruption
CVE-2012-0507 - Java Atomic
CVE-2011-3544 - Java Rhino  

2. Eleonore Exploit Kit 1.8.91 and above
Added:
CVE-2012-0507 - Java Atomic- after 1.8.91was released
CVE-2011-3544 - Java Rhino
CVE-2011-3521 - Java Upd.27  
CVE-2011-2462 - Adobe PDF U3D
Also includes
"Flash pack" (presumably the same as before)
"Quicktime" - CVE-2010-1818 ?

3. Incognito Exploit Pack v.2 and above
there are rumors that Incognito development stopped after v.2 in 2011 and it is a different pack now. If you know, please send links or files.

Added after v.2 was released:
CVE-2012-0507 - Java Atomic
See V.2 analysis

4. Phoenix Exploit Kit v3.1 -
Added:
CVE-2012-0507 -  Java Atomic
CVE-2011-3544 -  Java Rhino + Java TC (in one file)

5. Nuclear Pack v.2  


CVE-2011-3544 Oracle Java Rhino
CVE-2010-0840 JRE Trusted Method Chaining
CVE-2010-0188 Acrobat Reader  – LibTIFF
CVE-2006-0003 MDAC

6. Sakura Exploit Pack > v.1
----------------------------------------------------

Clean.

Quality. Perfection.

----------------------------------------------------
Sakura pack ad  
Added:
CVE-2011-3544 - Java Rhino (It was in Exploitpack table v15, listing it to show all packs with this exploit)

7. Chinese Zhi Zhu Pack
CVE-2012-0003 -  WMP MIDI
CVE-2011-1255 - IE Time Element Memory Corruption
CVE-2011-2140 - Flash 10.3.183.x
CVE-2011-2110 - Flash 10.3.181.x
CVE-2010-0806 - IEPeers

8. Gong Da Pack
CVE-2011-2140  - Flash 10.3.183.x
CVE-2012-0003 -  WMP MIDI  
CVE-2011-3544 - Java Rhino




9. Dragon Pack  - it is old, listing for curiosity sake

CVE-2010-0886 - Java SMB
CVE-2010-0840 - JRE Trusted Method Chaining
CVE-2008-2463 - Snapshot
CVE-2010-0806 - IEPeers
CVE-2007-5659/2008-0655 - Collab.collectEmailInfo
CVE-2008-2992 - util.printf
CVE-2009-0927 - getIco
CVE-2009-4324 - newPlayer

hx1997

样本区成安全博客了... 不过我喜欢。

XywCloud

这样本区成什么地方了…不过这样本倒是不错～

wuyongliang

360云鉴定安全  扫描安全 运行没报
AVG扫描不报  阿香婆扫描不报

ywsuda

诺顿miss

Kevin_Memo

附件是标准的 XLS ……连宏都没有……
他只是个清单……