Got an alert on a exploit kit redirect, went into the PCAP via wireshark and did export HTTP Objects and got this malicious exploit kit redirect code. After modifying it slightly and running my analysis code (changed the eval and cookie setting statements into console.log statements) I was able to extract this malicious redirect code which when all the above is executed generates this single DIV tag with a malicious iframe
More about neonprimetime
Top Blogs of all-time
Top Github Contributions
Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.