
Exploit:HTML/Meadgive.W


First posted on 28 April 2019.
Source: Microsoft

Aliases:

There are no other names known for Exploit:HTML/Meadgive.W.

Explanation:

Installation

This detection covers the web page that loads a malicious Adobe Flash object in the browser.

We have observed this threat in current RIG exploit kit (Exploit:JS/RIGploit.A) campaigns, where it is served when traffic from compromised websites is redirected to the exploit's landing page.

Examples of landing pages include:


The malicious Adobe Flash object might be related to a threat known to exploit a vulnerability tracked under CVE-2015-8651. Also see Adobe Security Bulletin APSB16-01.

Analysis by Jireh Sanico

 

Last update 28 April 2019

 
