Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support

Gong Da Exploit Kit Add Java CVE-2013-1493 & IE CVE-2012-4792 & IE CVE-2012-4969 Support

Like other Exploit Kits, Gong Da has add support for Oracle Java CVE-2013-1493 vulnerability, fixed in Oracle Java 6 Update 17, has also add support for Microsoft Internet Explorer CVE-2012-4969 and CVE-2012-4792 vulnerabilities, fixed in an emergency patch in September 2012 and January 2013.

Here is the new code for CVE-2013-1493.

And here the new code for CVE-2012-4792 (aka 4792.html) and CVE-2012-4969 (aka payload.html).

Also a new variant of CVE-2012-1889 (xml.html) has been introduced, reducing the detection rate by anti-viruses.

As always this new version of Gong Da Exploit Kit has been discovered on a Korean web site.

Gong Da Pack has involve to the following diagram.

Here under some information s regarding the different files:

• HcIa2.jar (aka CVE-2011-3544): 11/46 on VirusTotal.com
  
• bzExj6.jar (aka CVE-2012-0507): 14/45 on VirusTotal.com
• BnkLbvY3.jar (aka CVE-2012-1723): 19/46 on VirusTotal.com
• iCNpns4.jar (aka CVE-2012-4681): 28/46 on VirusTotal.com
• JdtDFRW1.jar (aka CVE-2012-5076): 16/46 on VirusTotal.com
• TolxrJG6.jar (aka CVE-2013-0422): 19/46 on VirusTotal.com
• FQxzUjYP.jar (aka CVE-2013-1493): 16/46 on VirusTotal.com
• GwDFO7.swf (aka CVE-2013-0634): 10/46 on VirusTotal.com
• xmlcoreOld.html (aka CVE-2012-1889): 18/46 on VirusTotal.com
• xml.html (aka CVE-2012-1889): 3/35 on VirusTotal.com
• xmlcoreNew.html (aka CVE-2012-1889): 10/45 on VirusTotal.com
• 4792.html (aka CVE-2012-4792): 1/46 on VirusTotal.com
• xyaKEg.html and payload.html (aka CVE-2012-4969): 5/46 on VirusTotal.com

Normally Gong Da was used against gamers, but this time the loaded malware seem to be different (analysis on ThreatExpert