lazarusholic


Operation Daybreak

2016-06-17, Kaspersky
https://securelist.com/operation-daybreak/75100/
#ScarCruft #Daybreak #CVE-2016-1010

Contents

Flash zero-day exploit deployed by the ScarCruft APT Group
Earlier this year, we deployed new technologies in Kaspersky Lab products to identify and block zero-day attacks. This technology already proved its effectiveness earlier this year, when it caught an Adobe Flash zero-day exploit (CVE-2016-1010). Earlier this month, our technology caught another zero-day Adobe Flash Player exploit deployed in targeted attacks. We believe the attacks are launched by an APT group we track under the codename “ScarCruft”.
ScarCruft is a relatively new APT group; victims have been observed in Russia, Nepal, South Korea, China, India, Kuwait and Romania. The group has several ongoing operations, utilizing multiple exploits — two for Adobe Flash and one for Microsoft Internet Explorer.
Operation Daybreak appears to have been launched by ScarCruft in March 2016 and employs a previously unknown (0-day) Adobe Flash Player exploit. It is also possible that the group deployed another zero day exploit, CVE-2016-0147, …

IoC

067681b79756156ba26c12bc36bf835c
212.7.217.10
3e5ac6bbf108feec97e1cc36560ab0b6
8844a537e7f533192ca8e81886e70fbc
a6f14b547d9a7190a1f9f1c06f906063
e51ce28c2e2d226365bc5315d3e5f83e
f8a2d4ddf9dc2de750c8b4b7ee45ba3f
http://212.7.217.10
http://reg.flnet.org
http://webconncheck.myfw.us
http://webconncheck.myfw.us:8080/8xrss.php
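The list above mixes three indicator types (MD5 file hashes, a C2 IPv4 address, and URLs, two of which are bare hostnames) with no labels. The following is an added example, not code from the lazarusholic page or from Kaspersky, showing how a responder would type the indicators and sweep them against a proxy log and a file-hash inventory. The proxy-log format, the client IPs, the file paths and the benign hash are constructed for the example; only the IoC values are taken from the list.

```python
"""Added example (not part of the lazarusholic page or the Kaspersky report):
classify the Operation Daybreak IoCs and sweep constructed proxy-log lines
and a constructed file-hash inventory for matches."""
import re
from urllib.parse import urlsplit

# IoCs copied verbatim from the list on the page.
DAYBREAK_IOCS = """
067681b79756156ba26c12bc36bf835c
212.7.217.10
3e5ac6bbf108feec97e1cc36560ab0b6
8844a537e7f533192ca8e81886e70fbc
a6f14b547d9a7190a1f9f1c06f906063
e51ce28c2e2d226365bc5315d3e5f83e
f8a2d4ddf9dc2de750c8b4b7ee45ba3f
http://212.7.217.10
http://reg.flnet.org
http://webconncheck.myfw.us
http://webconncheck.myfw.us:8080/8xrss.php
""".split()

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


def classify(iocs):
    """Sort raw indicators into sets keyed 'md5', 'ip', 'host', 'url'.
    A URL also contributes its hostname (or literal IP), so a proxy log that
    records only the destination host still matches on it."""
    out = {"md5": set(), "ip": set(), "host": set(), "url": set()}
    for raw in iocs:
        v = raw.strip().lower()
        if MD5_RE.match(v):
            out["md5"].add(v)
        elif IPV4_RE.match(v):
            out["ip"].add(v)
        elif "://" in v:
            out["url"].add(v)
            host = urlsplit(v).hostname  # drops scheme, port and path
            if host:
                (out["ip"] if IPV4_RE.match(host) else out["host"]).add(host)
        else:
            out["host"].add(v)
    return out


# Constructed proxy-log lines: "timestamp client method target status".
# The CONNECT line carries a bare host:port instead of a full URL.
PROXY_LOG = [
    "2016-06-10T09:14:02Z 10.0.0.15 GET http://www.example.com/index.html 200",
    "2016-06-10T09:15:41Z 10.0.0.15 GET http://webconncheck.myfw.us:8080/8xrss.php 200",
    "2016-06-10T09:16:03Z 10.0.0.22 GET http://212.7.217.10/update.bin 200",
    "2016-06-10T09:17:30Z 10.0.0.31 CONNECT reg.flnet.org:443 200",
    "2016-06-10T09:18:12Z 10.0.0.31 GET http://notflnet.org/ 404",
]


def sweep_proxy_log(lines, iocs):
    """Return one hit per log line whose full URL or destination host is an IoC."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line; skip rather than crash the sweep
        ts, client, method, target, status = parts[:5]
        # urlsplit needs a scheme or a leading "//" to see the host part.
        url = target if "://" in target else "//" + target
        host = (urlsplit(url).hostname or "").lower()
        reason = None
        if target.lower() in iocs["url"]:
            reason = "url"
        elif host in iocs["ip"] or host in iocs["host"]:
            reason = "host"
        if reason:
            hits.append({"ts": ts, "client": client, "method": method,
                         "host": host, "match": reason})
    return hits


# Constructed inventory: path -> MD5 as an EDR or hashing tool might report it
# (note the upper-case hash, which must be normalised before comparison).
FILE_HASHES = {
    r"C:\Users\victim\AppData\Local\Temp\cdcd.tmp": "3E5AC6BBF108FEEC97E1CC36560AB0B6",
    r"C:\Windows\System32\calc.exe": "00000000000000000000000000000000",  # benign placeholder
}


def sweep_hashes(inventory, iocs):
    """Return the paths whose MD5 matches a known-bad hash."""
    return sorted(p for p, h in inventory.items() if h.lower() in iocs["md5"])


if __name__ == "__main__":
    typed = classify(DAYBREAK_IOCS)
    for hit in sweep_proxy_log(PROXY_LOG, typed):
        print("proxy hit:", hit)
    for path in sweep_hashes(FILE_HASHES, typed):
        print("hash hit:", path)
```

The host-level match is deliberate: `http://212.7.217.10` and `http://reg.flnet.org` are listed as URLs, but any path on those hosts is worth flagging, so the sweep matches on the destination host unless the exact URL is itself an indicator.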