Impact Exploit Kit

Gates:

HTTP Request Method = GET
Regex HTTP URI for \/[a-z]{8}\.php\?[a-z]{8}=[0-9]{6}$

http://ads.iowaprivatedetective.com/7v0ojqgsdr/janeject.php?cutelash=513957
http://freewebom.www1.biz/search/lacklawy.php?jewwlapp=323713
http://purrenatural.com/bveqwohrpgaon/lappcess.php?lanejamm=708546

See Examples of Impact Exploit Kit Gates on UrlQuery.net

JAR Payload

HTTP Request Method = GET
Content-Type = application/x-java-archive
HTTP URI = *.jar
Regex HTTP URI for \/[a-z]{8}\.jar$

PDF Payload

HTTP Request Method = GET
Content-Type = application/pdf
HTTP URI = *.php
Regex HTTP URI for \/[a-z]{8}\.php$

EXE Download

HTTP Request Method = GET
Content-Type = application/x-msdownload
HTTP URI = *.php
Regex HTTP URI for \/[a-z]{8}\.php$

Some example strings…

http://map.mystreetbuzz.com/Get0horsmmS1/aborjack.php
http://web.disasterrestorationmarketing.co/In5aIderss5/aborjack.php
http://map.vtecnetworks.net/7v0ojqgsdrzvra/toryesus.php
http://map.autotradertoledo.com/7v0ojqgsdrzvra/bovetory.php
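As an added example (not from the original post or the exploit-kit write-up it references), the following Python applies the four signatures above to a set of constructed request/response records: the URLs from the post plus benign look-alikes on the assumed host example.invalid. Content-Type is a response header, so a matcher needs both halves of the flow.

```python
import re
from urllib.parse import urlsplit

# Signatures from the post: (label, request method, response Content-Type or None, URI regex)
SIGNATURES = [
    ("impact_gate",  "GET", None,                         r"/[a-z]{8}\.php\?[a-z]{8}=[0-9]{6}$"),
    ("jar_payload",  "GET", "application/x-java-archive", r"/[a-z]{8}\.jar$"),
    ("pdf_payload",  "GET", "application/pdf",            r"/[a-z]{8}\.php$"),
    ("exe_download", "GET", "application/x-msdownload",   r"/[a-z]{8}\.php$"),
]
COMPILED = [(lbl, m, ct, re.compile(rx)) for lbl, m, ct, rx in SIGNATURES]

def request_uri(url):
    """Reduce a full URL to the request-URI an IDS matches on: path plus query string."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")

def classify(method, url, content_type=None):
    """Return the label of the first signature the flow matches, or None."""
    uri = request_uri(url)
    for label, sig_method, sig_ct, rx in COMPILED:
        if method != sig_method:
            continue
        # Content-Type comes from the response; gate requests carry no such constraint.
        if sig_ct is not None and content_type != sig_ct:
            continue
        if rx.search(uri):
            return label
    return None

# Constructed sample flows (method, URL, response Content-Type); hosts under example.invalid are assumptions.
SAMPLE_FLOWS = [
    ("GET", "http://ads.iowaprivatedetective.com/7v0ojqgsdr/janeject.php?cutelash=513957", "text/html"),
    ("GET", "http://map.mystreetbuzz.com/Get0horsmmS1/aborjack.php", "application/x-msdownload"),
    ("GET", "http://map.vtecnetworks.net/7v0ojqgsdrzvra/toryesus.php", "application/pdf"),
    ("GET", "http://example.invalid/cdn/abcdefgh.jar", "application/x-java-archive"),
    ("GET", "http://example.invalid/blog/index.php?page=2", "text/html"),           # benign: 5-letter name
    ("POST", "http://example.invalid/x/janeject.php?cutelash=513957", "text/html"),  # wrong method
]

def scan(flows):
    """Return [(url, label)] for every flow that hits a signature."""
    hits = []
    for method, url, ctype in flows:
        label = classify(method, url, ctype)
        if label:
            hits.append((url, label))
    return hits

if __name__ == "__main__":
    for url, label in scan(SAMPLE_FLOWS):
        print(f"{label:13s} {url}")
```

Note that the PDF and EXE signatures share one URI regex and are told apart only by Content-Type, so a flow with the same URI but a different response type returns None rather than a partial hit.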

PDF file analysis on Wepawet

Reference: http://malware.dontneedcoffee.com/2012/12/inside-impact-exploit-kit-back-on-track.html
