Serenity Exploit Kit

Plugin Exploits:

\/files\/load\/((ie|libt|ie2|libtiffurl|midi|time2|xml)\.php|combo\.jar|ie\.html)$

Executable Downloads:

\/get\.php\?f=[0-9]$

Example:

hxxp://limbo.usa.cc/op828ajjsi199a/index.php > GATE
hxxp://limbo.usa.cc/op828ajjsi199a/files/load/ie.php > EXPLOIT
hxxp://winlock.usa.cc/op828ajjsi199a/get.php?f=3 > EXE

References:

http://www.malekal.com/2012/11/16/en-serenity-exploit-pack/
http://www.xylibox.com/2012/11/serenity-exploit-kit.html
http://malwaremustdie.blogspot.com/2012/11/what-serenity-exploit-kit-dropped.html
Serenity on MalwareDomainList.com

Comments are closed.