Cool Exploit Kit

HTTP Request Method = GET
HTTP URI Strings = below…

Gates

“*/t/l/*.php”
“*/r/l/*.php”

Exploits

“*/media/pdf_new.php”
“*/media/pdf_old.php”
“*/media/file.php”
“*/data/flash.swf?info=02*”
“*/media/score.swf”
“*/media/new.jar”
“*/media/file.jar”
“*/bagdfssdb.jar”
*/filelist.php
*/32size_font.eot
*/64size_font.eot
*/file.dll
*/myadv.php
*/r/admin.php
*/r/check.php
*/r/index.php
*/r/files.php
*/r/f.php
*/r/config.php
*/r/guest.php
*/r/pricelist.php
*/r/threads.php
*/r/media/*.jar

EXEs    

“*/f.php?k=4*”
“*/f.php?k=3*”
“*/f.php?k=2*”

See examples of Cool Exploit Kit Gates on UrlQuery.net

See examples of Cool Exploit Kit Plugin Payloads on UrlQuery.net

See examples of Cool Exploit Kit Duqu Font Drop on UrlQuery.net

See examples of Cool Exploit Kit Executables on UrlQuery.net

References:

http://malware.dontneedcoffee.com/2012/11/cool-ek-hello-my-friend-cve-2012-5067.html
Cool Exploit Kit on Malwaredomainlist.com

Comments are closed.