Exploit:HTML/Meadgive.W
First posted on 28 April 2019.
Source: Microsoft
Aliases:
There are no other names known for Exploit:HTML/Meadgive.W.
Explanation:
Installation
This detection covers the web page that loads a malicious Adobe Flash object in the browser.
We have observed this threat in current RIG exploit kit (Exploit:JS/RIGploit.A) campaigns, where it is served after traffic from compromised websites is redirected to the exploit's landing page.
Examples of landing pages include:
The malicious Adobe Flash object might be related to a threat known to exploit a vulnerability tracked under CVE-2015-8651. Also see Adobe Security Bulletin APSB16-01.
Analysis by Jireh Sanico
Last update 28 April 2019