Neutrino Exploit Kit

http://jung. demonised .org/lotobs?fgtxowblk=4238735 > Landing (Paste)
http://jung. demonised .org/scripts/js/plugin_detector.js
http://jung. demonised .org/cwk78d7ro > Applet Serialization (Paste)
http://jung. demonised .org/ewogqfbibxd?hggitdbt=515245e3aaa2cbaa2a00002b (application/java-archive)
http://jung. demonised .org/java/lang/ClassBeanInfo.class
http://jung. demonised .org/java/lang/ObjectBeanInfo.class
http://jung. demonised .org/java/lang/ObjectCustomizer.class
http://jung. demonised .org/java/lang/ClassCustomizer.class
http://jung. demonised .org/pdjunyijv?hfmtd=515245e3aaa2cbaa2a00002b (application/octet-stream) > Encoded EXE

Neutrino JAR

HTTP Method = GET
Content-Type = application/java-archive
Regex HTTP URI for =[a-f0-9]{24}$

Neutrino EXE

HTTP Method = GET
Content-Type = application/octet-stream
User-Agent = *Java/1.*
Regex HTTP URI for =[a-f0-9]{24}$

Neutrino JAR 2

HTTP Method = GET
Content-Type = application/java-archive
Regex HTTP URI for \/[A-Za-z0-9]{50,}(==?)?$

Neutrino EXE 2

HTTP Method = GET
Content-Type = application/octet-stream
Regex HTTP URI for \/[A-Za-z0-9]{50,}(==?)?$
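
The four signatures above, applied to proxy-log records, as an added example (not code from the original post). The record field names, client and host values, the Java User-Agent string, the long-token URI and the "payload-fetched"/"jar-only" grouping are assumptions or constructed; the two hex-token URIs are the ones in the chain at the top of the page.

```python
import re
from fnmatch import fnmatchcase

JAR, EXE = "application/java-archive", "application/octet-stream"
V1 = re.compile(r"=[a-f0-9]{24}$")
V2 = re.compile(r"/[A-Za-z0-9]{50,}(==?)?$")
# (name, Content-Type, URI regex, User-Agent glob or None), as listed above
RULES = [("Neutrino JAR", JAR, V1, None), ("Neutrino EXE", EXE, V1, "*Java/1.*"),
         ("Neutrino JAR 2", JAR, V2, None), ("Neutrino EXE 2", EXE, V2, None)]

def match_rules(rec):
    """Return the names of every signature one HTTP transaction satisfies."""
    if rec["method"].upper() != "GET":
        return []
    # Compare the media type only: drop "; charset=..." parameters and case
    ctype = rec["content_type"].split(";", 1)[0].strip().lower()
    return [name for name, want, uri_re, ua in RULES
            if ctype == want and uri_re.search(rec["uri"])
            and (ua is None or fnmatchcase(rec.get("user_agent", ""), ua))]

def triage(records):
    """Group hits per (client, host); an EXE hit means the payload was served."""
    hits = {}
    for rec in records:
        for name in match_rules(rec):
            hits.setdefault((rec["client"], rec["host"]), set()).add(name)
    return {key: ("payload-fetched" if any("EXE" in n for n in names) else "jar-only",
                  sorted(names)) for key, names in hits.items()}

def mk(client, host, uri, ctype, ua):
    """Build one constructed proxy-log record (field names are assumptions)."""
    return {"client": client, "host": host, "method": "GET", "uri": uri,
            "content_type": ctype, "user_agent": ua}

JAVA_UA = "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_17"  # constructed
SAMPLE = [  # constructed records; hosts and clients are placeholders
    mk("192.0.2.10", "kit.example", "/ewogqfbibxd?hggitdbt=515245e3aaa2cbaa2a00002b", JAR, JAVA_UA),
    mk("192.0.2.10", "kit.example", "/pdjunyijv?hfmtd=515245e3aaa2cbaa2a00002b", EXE, JAVA_UA),
    mk("192.0.2.11", "kit.example", "/" + "A1b2C3d4E5" * 6 + "==", JAR, JAVA_UA),
    mk("192.0.2.12", "cdn.example", "/downloads/setup.exe", EXE, "Mozilla/5.0"),
    mk("192.0.2.12", "cdn.example", "/dl?id=515245e3aaa2cbaa2a00002b", EXE, "Mozilla/5.0"),
]

if __name__ == "__main__":
    for key, verdict in triage(SAMPLE).items():
        print(key, verdict)
```

The last sample record carries the 24-hex token and the octet-stream type but a browser User-Agent, so the "Neutrino EXE" rule does not fire on it; that User-Agent condition is what keeps ordinary browser downloads with hex identifiers out of the results.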

Reference: http://malware.dontneedcoffee.com/2013/03/hello-neutrino-just-one-more-exploit-kit.html
