Exploit.SWF.CVE-2013-0634.a

By JubileeX in Malware

Threat Scorecard

Ranking: 985
Threat Level: 10 % (Normal)
Infected Computers: 3,308
First Seen: April 12, 2013
Last Seen: September 20, 2023
OS(es) Affected: Windows

Exploit.SWF.CVE-2013-0634.a is a malware infection that forms one component of an attack linked to caregivers of orphaned Tibetan refugee children. Exploit.SWF.CVE-2013-0634.a spreads through a hacked caregiver website that offers support for Tibetan refugee children; the compromised website belongs to the NGO 'Tibetan Homes Foundation'. The site distributes backdoor Trojans that are signed with Winnti-stolen certificates and delivered with Flash exploits. The malicious 'footer.swf' file is hosted on the Foundation's website. The delivered backdoors have been shown to be signed with Winnti-stolen digital certificates, including the stolen MGAME certificate; both the MGAME certificate and the ShenZhen certificates are examples of the same stolen certificates being reused to sign the backdoors. The Flash exploit and its payload are detected as Exploit.SWF.CVE-2013-0634.a.

File System Details

Exploit.SWF.CVE-2013-0634.a may create the following file(s):
# File Name Detections
1. footer.swf

URLs

Exploit.SWF.CVE-2013-0634.a may call the following URLs:

https://www.startfenster.de/?q=
