Cool Exploit Kit Variant Executable

Have been seeing CEK being used without /world/ or /news/ or /read/…etc.

EXE Payload

HTTP Method = GET
User-agent = *Java/1.*
Content-type = application/x-msdownload
Regex HTTP URI for “\.txt\?[a-z]=[0-9]+$”

Comments are closed.