MSIE 0-day exploit CVE-2014-0322 - Possibly targeting French aerospace association
MSIE 0-day exploit CVE-2014-0322 - Possibly targeting French aerospace association | |
---|---|
Date | 2014 / 2014-02-13 |
Editor/Conference | Websense |
Link | http://community.websense.com/blogs/securitylabs/archive/2014/02/13/msie-0-day-exploit-cve-2014-0322-possibly-targeting-french-aerospace-organization.aspx (community.websense.com, archive copy) |
Author | Alex Watson, Victor Chin |
Type | Blogpost |
Abstract
“
- Websense researchers have discovered the use of CVE-2014-0322 as early as January 20, 2014 - nearly 3 weeks before the previously known first date of the attacks
- The attack may be targeting organizations associated with the French aerospace association, GIFAS
- The CVE-2014-0322 exploit in this attack is hosted on a US server
- We observed the malicious Shockwave Flash (Tope.swf SHA:910de05e0113c167ba3878f73c64d55e5a2aff9a) being uploaded to VirusTotal on January 20. This was presumably done by the attackers to confirm if antivirus had protection for the exploit. At the time there was zero detection
- The exploit may use an in-memory attack with no file writes to avoid detection from antivirus products
- Early analysis indicates correlations between this attack and the DeputyDog and EphemeralHydra groups
”
Bibtex
@misc{2014BFR1375,
  editor = {Websense},
  author = {Alex Watson, Victor Chin},
  title = {MSIE 0-day exploit CVE-2014-0322 - Possibly targeting French aerospace association},
  date = {13},
  month = Feb,
  year = {2014},
  howpublished = {\url{http://community.websense.com/blogs/securitylabs/archive/2014/02/13/msie-0-day-exploit-cve-2014-0322-possibly-targeting-french-aerospace-organization.aspx}},
}