ProPack Exploit Kit

http://malware.dontneedcoffee.com/2012/11/meet-propack-exploit-pack.html

Gates / JAR Payloads

HTTP Method = GET
HTTP URI ends with *.php
Regex HTTP URI for \/build2?\/

JARs will have content type of text/html

PDF Payloads

HTTP Method = GET
HTTP URI ends with *.pdf
Regex HTTP URI for \/build2?\/

EXE Payloads

HTTP Method = GET
Regex HTTP URI for \/build2?\/ and \.php?[a-z]=[0-9]&[a-z]=[0-9]$

See Examples of ProPack on UrlQuery.net

Comments are closed.