Think tank sevenpillarsinstitute.org Serves Nuclear Exploit Kit

Seven Pillars Institute is a not-for-profit think tank that works on financial ethics. My analysis system found a web infection on their site over the weekend. The infection chain is very close to what we see in this link. The exploit chain leads to the Nuclear Exploit Kit, which drops Tofsee malware.

http://sevenpillarsinstitute.org
       http://sevenpillarsinstitute.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
                 http://bablueras.mywarsawwedding.com/cacufriend16.html (178.62.147.65)
                        http://kolomanusa.elainelasticnes.com/9d839cbahwxf/1/9ffbf35e4190fbba62f70c8477fa3964.html
                        http://kolomanusa.elainelasticnes.com/2279726105/2/1410009540.swf (80.85.84.232)
                        http://kolomanusa.elainelasticnes.com/f/2/1410009540/2279726105/7
                        http://kolomanusa.elainelasticnes.com/2279726105/2/1410009540.jar
                        http://kolomanusa.elainelasticnes.com/2279726105/2/1410009540.htm
                        http://kolomanusa.elainelasticnes.com/f/2/1410009540/2279726105/2

The final dropper is Tofsee malware (MD5: 8cd39591c1766918a7f83090f5d655ac)
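
For hunting the same chain in web proxy logs, here is an added example (not part of the original post) that classifies requests by the path shapes visible in the URLs above and reports clients that went from a landing or exploit request to a payload request on the same host. The log format, the `example.test` hosts and the function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Path shapes taken from the chain listed in this post; they describe this
# one capture and are not a general Nuclear EK signature.
STAGES = [
    ("landing", re.compile(r"^/[0-9a-z]{8,}/\d/[0-9a-f]{32}\.html$")),
    ("exploit", re.compile(r"^/\d{6,}/\d/\d{6,}\.(swf|jar|htm)$")),
    ("payload", re.compile(r"^/f/\d/\d{6,}/\d{6,}/\d+$")),
]

def classify(url):
    """Return the stage name a URL path matches, or None."""
    path = urlsplit(url).path
    for name, rx in STAGES:
        if rx.match(path):
            return name
    return None

def suspicious_hosts(log_lines):
    """Map (client, host) -> stages seen, keeping only pairs where a payload
    request followed an earlier landing or exploit request to that host."""
    seen = defaultdict(list)
    for line in log_lines:
        ts, client, url = line.split()
        stage = classify(url)
        if stage:
            seen[(client, urlsplit(url).hostname)].append(stage)
    hits = {}
    for key, stages in seen.items():
        if "payload" in stages and stages.index("payload") > 0:
            hits[key] = stages
    return hits

# Constructed proxy log (timestamp, client IP, URL); hosts are placeholders.
SAMPLE_LOG = [
    "1410009500 10.0.0.5 http://blog.example.test/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1",
    "1410009501 10.0.0.5 http://gate.example.test/page16.html",
    "1410009502 10.0.0.5 http://ek.example.test/9d839cbahwxf/1/0123456789abcdef0123456789abcdef.html",
    "1410009503 10.0.0.5 http://ek.example.test/2279726105/2/1410009540.swf",
    "1410009504 10.0.0.5 http://ek.example.test/f/2/1410009540/2279726105/7",
    "1410009505 10.0.0.9 http://cdn.example.test/f/2/readme.html",
]

if __name__ == "__main__":
    for (client, host), stages in suspicious_hosts(SAMPLE_LOG).items():
        print(client, host, " -> ".join(stages))
```

A payload-stage hit is the line to prioritise for endpoint triage, since it marks the point where the dropper would have been requested.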
