Silverlight exploit leads to TeslaCrypt – CVE-2016-0034
NOTES: In an earlier post from today, "Angler EK sends TeslaCrypt and Bedep Ad fraud", I documented how Angler EK exploited the Flash plugin. I recently returned to the compromised site and found that Angler EK was also exploiting Microsoft Silverlight to deliver TeslaCrypt.
This exploit was noted in an article by Malware don't need Coffee.
- netdetect.co – COMPROMISED SITE
- 188.8.131.52 – three.gottyranny.info – ANGLER EK Landing Page [Silverlight]
- 184.108.40.206 – mkis.org – POST /phsys.php – POST INFECTION TRAFFIC [TeslaCrypt]
IMAGES and DETAILS:
MD5 HASHES FOR PAYLOAD FROM ANGLER EK:
3dc6d53d9f8f7851b9bfb491a7793f80 – 2016-03-21-three.gottyranny.info-TeslaCrypt.exe
VirusTotal link
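The three indicator lines above (compromised site, Angler landing page, TeslaCrypt POST to /phsys.php) and the payload MD5 form a chain that a defender can correlate per client in proxy or HTTP logs. The following script is an added example, not code from the original post; the log format, the sample log lines and the client IPs are constructed for illustration, and the indicator values (hostnames, the IPs as printed on the page, the POST path and the MD5) are copied from the post.

```python
import hashlib
import re
from typing import Dict, List, Optional

# Indicators copied from the post above (IPs exactly as printed there).
INDICATORS = {
    "compromised_site": {"netdetect.co"},
    "angler_landing": {"three.gottyranny.info", "188.8.131.52"},
    "teslacrypt_c2": {"mkis.org", "184.108.40.206"},
}
TESLACRYPT_POST_PATH = "/phsys.php"
PAYLOAD_MD5 = {"3dc6d53d9f8f7851b9bfb491a7793f80"}  # TeslaCrypt.exe from the post

# Constructed sample HTTP log in a simple space-separated format:
# timestamp src_ip dst_ip method host uri
# Client 10.0.0.5 walks the full chain; 10.0.0.7 is benign noise.
SAMPLE_LOG = """\
2016-03-21T10:00:01 10.0.0.5 203.0.113.10 GET netdetect.co /index.html
2016-03-21T10:00:03 10.0.0.5 188.8.131.52 GET three.gottyranny.info /
2016-03-21T10:00:04 10.0.0.5 188.8.131.52 GET three.gottyranny.info /
2016-03-21T10:00:09 10.0.0.5 184.108.40.206 POST mkis.org /phsys.php
2016-03-21T10:01:00 10.0.0.7 198.51.100.20 GET example.com /
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<method>\S+) (?P<host>\S+) (?P<uri>\S+)$"
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(rec: Optional[dict]) -> List[str]:
    """Return the indicator tags a single request matches (possibly several)."""
    if rec is None:
        return []
    tags = []
    for name, values in INDICATORS.items():
        if rec["host"] in values or rec["dst"] in values:
            tags.append(name)
    # Post-infection traffic in the post is a POST to /phsys.php on the C2 host.
    if rec["method"] == "POST" and rec["uri"].split("?", 1)[0] == TESLACRYPT_POST_PATH:
        tags.append("teslacrypt_checkin")
    return tags


def scan_log(text: str) -> Dict[str, List[str]]:
    """Map each client IP to the ordered, de-duplicated list of tags it triggered."""
    hits: Dict[str, List[str]] = {}
    for line in text.splitlines():
        rec = parse_line(line)
        for tag in classify(rec):
            seen = hits.setdefault(rec["src"], [])
            if tag not in seen:
                seen.append(tag)  # first-sighting order is preserved
    return hits


def full_chain(tags: List[str]) -> bool:
    """True when one client hit the compromised site, then the landing page,
    then the TeslaCrypt check-in, in that order."""
    order = ["compromised_site", "angler_landing", "teslacrypt_checkin"]
    try:
        positions = [tags.index(t) for t in order]
    except ValueError:
        return False
    return positions == sorted(positions)


def is_known_payload(data: bytes) -> bool:
    """Compare a dropped file's MD5 against the hash published in the post."""
    return hashlib.md5(data).hexdigest() in PAYLOAD_MD5


if __name__ == "__main__":
    for src, tags in scan_log(SAMPLE_LOG).items():
        verdict = "FULL CHAIN" if full_chain(tags) else "partial"
        print(f"{src}: {tags} -> {verdict}")
```

A single hit on the landing-page host is worth an alert on its own, but the per-client ordering in `full_chain` is what separates a blocked exploit attempt (landing page only) from a host that reached the post-infection check-in and should be isolated.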
Again, see my earlier post from today for more details.