Metasploit modules used by malicious exploit kit in the wild
The Dell Sonicwall Threats Research team has discovered an exploit kit that uses Metasploit modules to attack users' systems. The kit has been identified as NailedPack. It is a multi-payload exploit kit that targets users based on their browser and operating system.
[Fig 3: Obfuscated AutoPwn module] [Fig 4: Deobfuscated AutoPwn module]
The script above identifies the operating system, the browser and its version, and sends this information to the server in base64-encoded format.
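A detection heuristic for the behaviour described above, as an added example that is not part of the original advisory: it decodes base64 values found in request URLs (for instance from proxy logs) and flags those that name both an operating system and a browser. The fingerprint layout, keyword lists and sample URLs are assumptions constructed for illustration; the advisory does not give the kit's actual format.

```python
import base64
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed keyword lists for the heuristic; tune for your environment.
OS_WORDS = ("windows", "linux", "mac os", "android")
BROWSER_WORDS = ("msie", "firefox", "chrome", "safari", "opera")
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]{16,}={0,2}$")

def decode_b64_text(value):
    """Return the decoded text if value is base64 of printable ASCII, else None."""
    value = value.replace(" ", "+")  # parse_qsl turns '+' into a space
    if not B64_RE.match(value):
        return None
    padded = value.replace("-", "+").replace("_", "/")
    padded += "=" * (-len(padded) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text.isprintable() else None

def fingerprint_hits(url):
    """Return (field, decoded) pairs that name both an OS and a browser."""
    parts = urlsplit(url)
    fields = parse_qsl(parts.query, keep_blank_values=True)
    fields += [("<path>", seg) for seg in parts.path.split("/") if seg]
    hits = []
    for name, value in fields:
        text = decode_b64_text(value)
        if text is None:
            continue
        low = text.lower()
        if any(w in low for w in OS_WORDS) and any(w in low for w in BROWSER_WORDS):
            hits.append((name, text))
    return hits

# Constructed sample requests (not taken from the kit's real traffic).
_fp = base64.b64encode(b"Microsoft Windows:7:MSIE:8.0").decode()
_blob = base64.b64encode(bytes(range(200, 216))).decode()
SAMPLE_URLS = [
    "http://kit.example/landing.php?id=" + _fp,
    "http://shop.example/item?id=12345&ref=newsletter",
    "http://cdn.example/img?token=" + _blob,
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", fingerprint_hits(url))
```

Treat a hit as a lead for triage rather than a verdict, since legitimate analytics scripts can also send encoded client details.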
This pack requests multiple exploits, and on successful exploitation additional malware might be downloaded to the system. During our analysis we did not observe any active payload being served.
Keeping software up to date will help mitigate this exploit kit. The Dell Sonicwall Threats Research team will keep monitoring this exploit kit and will add or update mitigation signatures as required.