- ETPRO CURRENT_EVENTS Possible Evil Redirector Leading to EK EITest Jun 10 2016
- ET CURRENT_EVENTS EITest Flash Redirect Aug 09 2016
- ETPRO CURRENT_EVENTS Possible Evil Redirector Leading to EK EITest Feb 29
- ET CURRENT_EVENTS SUSPICIOUS Likely Neutrino EK or other EK IE Flash request to DYNDNS set non-standard filename
- ET CURRENT_EVENTS RIG Landing URI Struct March 20 2015
|Destination||220.127.116.11 (Romania)||http (80)||vucid.xyz|
- See the following for details:
- Someone walked into an Exploit Kit. This is the chain of associated events.
- It looks like they test for flash, decide that it is current, so no exploit possible.
- These events all indicate that someone walked into an Exploit Kit.
- This can happen as part of regular browsing when one hits a compromised host.
- Some checks are done to determine if the user is exploitable (flash in this case) and either delivers an exploit/payload or stops.
- It looks like the user had the latest version of flash and wasn't exploited.
- Some suspicious before and after behavior associated with this. While it doesn't look like it landed, this system should be scanned.