Linux/AirDropBot Samples

Malware Must Die:  MMD-0064-2019 - Linux/AirDropBot

Mirai variant targeting Linksys E-series - Remote Code Execution

tmUnblock.cgi 

Download. Email me if you need the password (see in my profile)

 Malware Inventory (work in progress)

Links updated: Jan 19, 2023

Hashes

MD5	SHA256	SHA1
85a8aad8d938c44c3f3f51089a60ec16	1a75642976449d37acd14b19f67ed7d69499c41aa6304e78c7b2d977e0910e37	2f0079bb42d5088f1fec341cb68f15cdd447ac43
2c0afe7b13cdd642336ccc7b3e952d8d	64c0e594d4926a293a1f1771187db8cfb44a0dda80d8b25b4f0c975e1e77745c	fef65085a92654cbcf1e3e0d851c6cda8dd3b03d
94b8337a2d217286775bcc36d9c862d2	71c02b99046c3be12e31577aa6623ce47dfb7f369e67af564d2bd499080c03b6	d5deeb1b61026479acb421583b7b82d09d63e921
417151777eaaccfc62f778d33fd183ff	bf6941e644a430fef43afc749479859665a57b711d5483c2c7072049c7db17b7	f76b9447db23229edae17a3160e04df41bc35a9d
d31f047c125deb4c2f879d88b083b9d5	2785845c97a69e15c9c1535216732a9d24bcf8f7244ce7872a2b0d2d4bcb92c3	4693505ef4c029112c4b85a16762cf90f0d69c15
ff1eb225f31e5c29dde47c147f40627e	f7ab3d315961d84da43f30a186136a56f5aa1e9afe6b56a0d357accd5f0ab81a	d5f2a976b703b5e687ffc58c408e0bc880838ae7
f3aed39202b51afdd1354adc8362d6bf	fa2bc8d988c8dfbdc965f1373bd80e9f5862868397c1bcb5e84b1e9c1756e0e2	31f0bca917cfbffcc126219439d38fe80d5c8460
083a5f463cb84f7ae8868cb2eb6a22eb	d654850f7785a5adb34f0808e2952f66e3784c0a32427fab9e97c75f0a48d9f5	ed4359a2805ce69771253d2257598b5c63c36c8e
9ce4decd27c303a44ab2e187625934f3	a2a245f12ae44cca79f03a465e2dc3dfa222dfcfda1017824b16abf397f16255	710e85ae3d362d3c8f3759319c308ff9b4dcdc86
b6c6c1b2e89de81db8633144f4cb4b7d	2480be0d00193250bc9eb50b35403399ed44f53d5d919600ee5bab14ef769530	ee77141054ac8d2fad062bcd79832b5f481c7dfb
abd5008522f69cca92f8eefeb5f160e2	509299df2f6150f59ed777873d3b7c708587c68a4004b4654a8cf2a640dd50aa	15cf94828c07e080b9c455738f3219859d9ab732
a84bbf660ace4f0159f3d13e058235e9	565deb4b1a7397d2497c75c9635b81d2e3b6427f0c576e5cd3c4224660712b56	c56fea8c1c949394e539d5ab3e3df7dfd329844a
5fec65455bd8c842d672171d475460b6	121c7ebfb99d8ef39f72bf7c787be4c15e2e08b731f01172605a4d34d27f08eb	3b6ca4525c3aad0583400b911b015071a0ea6133
4d3cab2d0c51081e509ad25fbd7ff596	7f71577b63b449c1a9e9aa516fa9e4320fe5f79548a00025a430894a269ab57b	d521f25362791de4d8a82a2683f032c1dd816e74
252e2dfdf04290e7e9fc3c4d61bb3529	834fc5c0ccfde1f3d52d88355717f119221118ee2d26018b417c50d066e9e978	c8f3130e64a6f825b1e97060cf258e9086a2b650
5dcdace449052a596bce05328bd23a3b	22949a7a3424f3b3bdf7d92c5e7a7a0de4eb6bbe9c523d57469944f6a8b1d012	f2c072560559a3f112e2000c8e28ee975b2b9db3
9c66fbe776a97a8613bfa983c7dca149	18c08d3c39170652d4770b2f7785e402b58c1f6c51ba1338be4330498ef268f4	18a99ec770109357d1adbc1c2475b17d4dcca651
59af44a74873ac034bd24ca1c3275af5	1c345b5e7c7fdcc79daa5829e0f93f6ae2646f493ae0ec5e8d66ab84a12a2426	98f789e91809203fbf1b7255bd0579fc86a982ba
9642b8aff1fda24baa6abe0aa8c8b173	98165c65d83fd95379e2e7878ac690c492ac54143d7b12beec525a9d048bedae	bd447e0e77a9192b29da032db8e1216b7b97f9ed
e56cec6001f2f6efc0ad7c2fb840aceb	7a2bf405c5d75e4294c980a26d32e80e108908241751de4c556298826f0960f1	b1c271d11797baac2504916ac80fd9e6fac61973
54d93673f9539f1914008cfe8fd2bbdd	c396a1214956eb35c89b62abc68f7d9e1e5bd0e487f330ed692dd49afed37d5a	72a9b8d499cce2de352644a8ffeb63fd0edd414b
6d202084d4f25a0aa2225589dab536e7	c691fecb7f0d121b5a9b8b807c5767ad17ae3dd9981c47f114d253615d0ef171	a68149c19bfddcdfc537811a3a78cd48c7c74740
cfbf1bd882ae7b87d4b04122d2ab42cb	892986403d33acb57fca1f61fc87d088b721bdd4b8de3cd99942e1735188125b	a067a0cf99650345a32a65f5bc14ab0da97789b6

Related word

• Pentest Tools Website Vulnerability
• Hack Tools Online
• Hacker Techniques Tools And Incident Handling
• Top Pentest Tools
• Hacking Tools For Mac
• Hack Tools
• Pentest Tools Framework
• Pentest Tools For Android
• Hacker Tools For Mac
• Hack Tools For Pc
• Hacker Tools For Windows
• Hacking Tools Free Download
• Hacking Tools Windows 10
• Hacker Tools 2020
• Hack Tools For Pc
• Best Pentesting Tools 2018
• Physical Pentest Tools
• Ethical Hacker Tools
• Best Hacking Tools 2019
• How To Make Hacking Tools
• Hacker Search Tools
• Pentest Tools For Mac
• Best Pentesting Tools 2018
• Hacking Tools For Mac
• Hacking Tools Download
• Hacker Tools Software
• Pentest Tools Alternative
• Hacking Tools Hardware
• Pentest Tools Online
• Pentest Tools Website Vulnerability
• How To Make Hacking Tools
• Hak5 Tools
• Ethical Hacker Tools
• Pentest Tools List
• Pentest Tools Online
• Hacker Tools Apk Download
• Hacker Tool Kit
• Pentest Tools Framework
• Kik Hack Tools
• Tools 4 Hack
• Pentest Tools For Ubuntu
• Hacker Security Tools
• Easy Hack Tools
• Hacking Tools Windows 10
• Underground Hacker Sites
• Pentest Tools Port Scanner
• Android Hack Tools Github
• Hacker Tools
• Hak5 Tools
• Hack Rom Tools
• Hacking Tools For Mac
• Usb Pentest Tools
• Hacker Tools
• Hacking Tools 2019
• Hacking Tools For Windows 7
• Hacks And Tools
• Best Hacking Tools 2020
• Hacking Tools For Windows
• What Are Hacking Tools
• Hacking App
• Tools 4 Hack
• Pentest Tools Find Subdomains
• Hacking Tools Kit
• Pentest Automation Tools
• Hacker Hardware Tools
• Hacker Tools For Ios
• Hacker Security Tools
• Hacker Techniques Tools And Incident Handling
• Free Pentest Tools For Windows
• Hacker Tools Linux
• Hacking Apps
• Hacker Tools Linux
• Hacking Tools 2020
• Pentest Tools Subdomain
• Hack Tools Download
• How To Install Pentest Tools In Ubuntu
• Hack Tools Mac
• Wifi Hacker Tools For Windows
• Hacking App
• Hak5 Tools
• Black Hat Hacker Tools
• Hacker Techniques Tools And Incident Handling
• Pentest Box Tools Download
• Hacking Tools Online
• Install Pentest Tools Ubuntu
• Hacker Tools Github
• Pentest Tools Github
• What Is Hacking Tools
• Pentest Tools Alternative
• Hacker Tools Linux
• Pentest Tools Subdomain
• Pentest Tools Website Vulnerability
• Hacks And Tools
• Hacking Tools Windows
• Hacker
• Hack Tools Github
• Hack Tool Apk
• Free Pentest Tools For Windows
• Free Pentest Tools For Windows
• Hacking Tools Windows
• Pentest Tools Review
• Hack Tools Github
• Tools Used For Hacking
• Top Pentest Tools
• Github Hacking Tools
• Tools 4 Hack
• Hacking Tools For Kali Linux
• Hacking Tools For Mac
• Pentest Tools For Ubuntu
• Hacker Tools Free
• Tools 4 Hack
• Game Hacking
• Hacker Tools List
• Hacking Tools Software
• Hacking Tools Windows 10
• Hack Tools 2019
• Pentest Tools List
• Hacker Tools 2019
• Hacker Tools Free Download
• Pentest Tools Port Scanner
• Pentest Tools Bluekeep
• Android Hack Tools Github
• Pentest Tools Linux
• Pentest Tools Subdomain
• Hacking Tools Usb
• Usb Pentest Tools
• Black Hat Hacker Tools
• Tools Used For Hacking
• Pentest Tools Tcp Port Scanner
• Physical Pentest Tools
• Hacker Tools Windows
• Pentest Tools Website Vulnerability
• Hacker Tools Online

An Overview Of Exploit Packs (Update 25) May 2015

Update May 12, 2015

Added CVE-2015-0359 and updates for CVE-2015-0336

 Exploit kit table 2014- 2015 (Sortable HTML table)

Reference table : Exploit References 2014-2015

Update March 20, 2015

Added CVE-2015-0336

------------------------

Update February 19, 2015

Added Hanjuan Exploit kit and CVE-2015-3013 for Angler 

Update January 24, 2015 

http://www.kahusecurity.com

Added CVE-2015-3010, CVE-2015-3011 for Agler and a few reference articles. 
If you notice any errors, or some CVE that need to be removed (were retired by the pack authors), please let me know. Thank you very much!

Update December 12, 2014

Update Jan 8, 2014

 This is version 20 of the exploit pack table - see the added exploit packs and vulnerabilities listed below.

Exploit Pack Table Update 20
Click to view or download from Google Apps

I want to give special thanks to Kafeine  L0NGC47,  Fibon and  Curt Shaffer for their help and update they made.  Note the new Yara rules sheet / tab for yara rules for exploit kit.
I also want to thank Kahu security, Kafeine, Malforsec and all security companies listed in References for their research.

If you wish to be a contributor (be able to update/change the exploits or add yara rules), please contact me :)
If you have additions or corrections, please email, leave post comments, or tweet (@snowfl0w) < thank you!

The Wild Wild West image was created by Kahu Security  - It shows current and retired (retiring) kits.

List of changed kits

Gong Da / GonDad	Redkit 2.2	x2o (Redkit Light)	Fiesta (=Neosploit)	Cool  Styxy	DotkaChef
CVE-2011-3544	CVE-2013-2551	CVE-2013-2465	CVE-2010-0188	CVE-2010-0188	CVE-2012-5692
CVE-2012-0507	CVE-2013-2471		CVE-2013-0074/3896	CVE-2011-3402	CVE-2013-1493
CVE-2012-1723	CVE-2013-1493		CVE-2013-0431	CVE-2013-0431	CVE-2013-2423
CVE-2012-1889	CVE-2013-2460		CVE-2013-0634	CVE-2013-1493
CVE-2012-4681			CVE-2013-2551	CVE-2013-2423
CVE-2012-5076
CVE-2013-0422
CVE-2013-0634
CVE-2013-2465

Angler	FlashPack = SafePack	White Lotus	Magnitude (Popads)	Nuclear 3.x	Sweet Orange
CVE-2013-0074/3896	CVE-2013-0074/3896	CVE-2011-3544	CVE-2011-3402	CVE-2010-0188	CVE-2013-2423
CVE-2013-0634	CVE-2013-2551	CVE-2013-2465	CVE-2012-0507	CVE-2012-1723	CVE-2013-2471
CVE-2013-2551		CVE-2013-2551	CVE-2013-0634	CVE-2013-0422	CVE-2013-2551
CVE-2013-5329			CVE-2013-2460	CVE-2013-2423
CVE-2013-2471 ??			CVE-2013-2471	CVE-2013-2460
			CVE-2013-2551	CVE-2013-2551

CK	HiMan	Neutrino	Blackhole (last)	Grandsoft	Private EK
CVE-2011-3544	CVE-2010-0188	CVE-2013-0431	CVE-2013-0422	CVE-2010-0188	CVE-2006-0003
CVE-2012-1889	CVE-2011-3544	CVE-2013-2460	CVE-2013-2460	CVE-2011-3544	CVE-2010-0188
CVE-2012-4681	CVE-2013-0634	CVE-2013-2463*	CVE-2013-2471	CVE-2013-0422	CVE-2011-3544
CVE-2012-4792*	CVE-2013-2465	CVE-2013-2465*	and + all or some	CVE-2013-2423	CVE-2013-1347
CVE-2013-0422	CVE-2013-2551	CVE-2013-2551	exploits	CVE-2013-2463	CVE-2013-1493
CVE-2013-0634		* switch 2463*<>2465*	from the previous		CVE-2013-2423
CVE-2013-3897		Possibly + exploits	version		CVE-2013-2460
* removed		from the previous
		version

Sakura 1.x	LightsOut	Glazunov	Rawin	Flimkit	Cool EK (Kore-sh)	Kore (formely Sibhost)
cve-2013-2471	CVE-2012-1723	CVE-2013-2463	CVE-2012-0507	CVE-2012-1723	CVE-2013-2460	CVE-2013-2423
CVE-2013-2460	CVE-2013-1347	cve-2013-2471	CVE-2013-1493	CVE-2013-2423	CVE-2013-2463	CVE-2013-2460
and + all or some	CVE-2013-1690		CVE-2013-2423	CVE-2013-2471		CVE-2013-2463
exploits	CVE-2013-2465					CVE-2013-2471
from the previous
version

Styx 4.0	Cool	Topic EK	Nice EK
CVE-2010-0188	CVE-2012-0755	CVE-2013-2423	CVE-2012-1723
CVE-2011-3402	CVE-2012-1876
CVE-2012-1723	CVE-2013-0634
CVE-2013-0422	CVE-2013-2465
CVE-2013-1493	cve-2013-2471
CVE-2013-2423	and + all or some
CVE-2013-2460	exploits
CVE-2013-2463	from the previous
CVE-2013-2472	version
CVE-2013-2551
Social Eng

=================================================================

The Explot Pack Table has been updated and you can view it here.

Exploit Pack Table Update 19.1  - View or Download from Google Apps

If you keep track of exploit packs and can/wish  to contribute and be able to make changes, please contact me (see email in my profile)
I want to thank L0NGC47, Fibon, and Kafeine,  Francois Paget, Eric Romang, and other researchers who sent information for their help.




Update April 28, 2013 - added CVE-2013-2423 (Released April 17, 2013) to several packs. 
Now the following packs serve the latest Java exploit (update your Java!)

1. Styx
2. Sweet Orange
3. Neutrino
4. Sakura
5. Whitehole
6. Cool
7. Safe Pack
8. Crime Boss
9. CritX

Other changes
Updated:

1. Whitehole
2. Redkit
3. Nuclear
4. Sakura
5. Cool Pack
6. Blackhole
7. Gong Da

Added:

1. KaiXin
2. Sibhost
3. Popads 
4. Alpha Pack
5. Safe Pack
6. Serenity
7. SPL Pack
   
   There are 5 tabs in the bottom of the sheet

1. 2011-2013
2. References
3. 2011 and older
4. List of exploit kits
5. V. 16 with older credits

March 2013
The Explot Pack Table, which has been just updated, has migrated to Google Apps - the link is below. The new format will allow easier viewing and access for those who volunteered their time to keep it up to date.

In particular, I want to thank
L0NGC47, Fibon, and Kafeine  for their help.

There are 5 tabs in the bottom of the sheet

1. 2011-2013
2. References
3. 2011 and older
4. List of exploit kits
5. V. 16 with older credits

The updates include

1. Neutrino  - new
2. Cool Pack - update
3. Sweet Orange - update
4. SofosFO aka Stamp EK - new
5. Styx 2.0 - new
6. Impact - new
7. CritXPack - new
8. Gong Da  - update
9. Redkit - update
10. Whitehole - new
11. Red Dot  - new

The long overdue Exploit pack table Update 17 is finally here. It got a colorful facelift and has newer packs (Dec. 2011-today) on a separate sheet for easier reading.
Updates / new entries for the following 13 packs have been added (see exploit listing below)

1. Redkit 
2. Neo Sploit
3. Cool Pack
4. Black hole 2.0
5. Black hole 1.2.5
6. Private no name
7. Nuclear 2.2 (Update to 2.0 - actual v. # is unknown)
8. Nuclear 2.1  (Update to 2.0 - actual v. # is unknown)
9. CrimeBoss
10. Grandsoft
11. Sweet Orange 1.1 Update to 1.0 actual v. # is unknown)
12. Sweet Orange 1.0
13. Phoenix  3.1.15
14. NucSoft
15. Sakura 1.1 (Update to 1.0  actual v. # is unknown)
16. AssocAID (unconfirmed)  

The full table in xls format - Version 17 can be downloaded from here.  

Exploit lists for the added/updated packs

AssocAID (unconfirmed)

09-'12

CVE-2011-3106

CVE-2012-1876

CVE-2012-1880

CVE-2012-3683

Unknown CVE

5

Redkit

08-'12

CVE-2010-0188

CVE-2012-0507

CVE-2012-4681

3

Neo Sploit

09-'12

CVE-2012-1723

CVE-2012-4681

2?

Cool

08-'12

CVE-2006-0003

CVE-2010-0188

CVE-2011-3402

CVE-2012-0507

CVE-2012-1723

CVE-2012-4681

5

Black hole 2.0

09-'12

CVE-2006-0003

CVE-2010-0188

CVE-2012-0507

CVE-2012-1723

CVE-2012-4681

CVE-2012-4969 promised

5

Black hole 1.2.5

08-'12

CVE-2006-0003

CVE-2007-5659 /2008-0655

CVE-2008-2992

CVE-2009-0927

CVE-2010-0188

CVE-2010-1885

CVE-2011-0559

CVE-2011-2110

CVE-2012-1723

CVE-2012-1889

CVE-2012-4681

11

Private no name

09-'12

CVE-2010-0188

CVE-2012-1723

CVE-2012-4681

3

Nuclear 2.2 (Update to 2.0 - actual v. # is unknown)

03-'12

CVE-2010-0188

CVE-2011-3544

CVE-2012-1723

CVE-2012-4681

4

Nuclear 2.1 (Update to 2.0 - actual v. # is unknown)

03-'12

CVE-2010-0188

CVE-2011-3544

CVE-2012-1723

3

CrimeBoss

09-'12

Java Signed Applet

CVE-2011-3544

CVE-2012-4681

3

Grandsoft

09-'12

CVE-2010-0188

CVE-2011-3544

2?

Sweet Orange 1.1

09-'12

CVE-2006-0003

CVE-2010-0188

CVE-2011-3544

CVE-2012-4681

4?

Sweet Orange 1.0

05-'12

CVE-2006-0003

CVE-2010-0188

CVE-2011-3544

3?

Phoenix  3.1.15

05-'12

CVE-2010-0842

CVE: 2010-0248

CVE-2011-2110

CVE-2011-2140

CVE: 2011-2371

CVE-2011-3544

CVE-2011-3659

Firefox social

CVE: 2012-0500

CVE-2012-0507

CVE-2012-0779

11

NucSoft

2012

CVE-2010-0188

CVE-2012-0507

2

Sakura 1.1

08-'12

CVE-2006-0003

CVE-2010-0806

CVE-2010-0842

CVE-2011-3544

CVE-2012-4681

5

Version 16. April 2, 2012

Thanks to Kahu security
for Wild Wild West graphic 

The full table in xls format - Version 16 can be downloaded from here. 

 

ADDITIONS AND CHANGES:

1. Blackhole Exploit Kit 1.2.3

Added:

1. CVE-2011-0559 - Flash memory corruption via F-Secure
2. CVE-2012-0507 - Java Atomic via Krebs on Security
3. CVE-2011-3544 - Java Rhino  via Krebs on Security

2. Eleonore Exploit Kit 1.8.91 and above- via Kahu Security

Added:

1. CVE-2012-0507 - Java Atomic- after 1.8.91was released
2. CVE-2011-3544 - Java Rhino
3. CVE-2011-3521 - Java Upd.27  see Timo Hirvonen,  Contagio, Kahu Security and Michael 'mihi' Schierl 
4. CVE-2011-2462 - Adobe PDF U3D

Also includes
"Flash pack" (presumably the same as before)
"Quicktime" - CVE-2010-1818 ?

3. Incognito Exploit Pack v.2 and above 

there are rumors that Incognito development stopped after v.2 in 2011 and it is a different pack now. If you know, please send links or files.

Added after v.2 was released:

1. CVE-2012-0507 - Java Atomic

See V.2 analysis via StopMalvertizing

4. Phoenix Exploit Kit v3.1 - via Malware Don't Need Coffee

Added:

1. CVE-2012-0507 -  Java Atomic
2. CVE-2011-3544 -  Java Rhino + Java TC (in one file)

5. Nuclear Pack v.2 - via TrustWave Spiderlabs

1. CVE-2011-3544 Oracle Java Rhino
2. CVE-2010-0840 JRE Trusted Method Chaining
3. CVE-2010-0188 Acrobat Reader  – LibTIFF
4. CVE-2006-0003 MDAC

6. Sakura Exploit Pack > v.1 via DaMaGeLaB

1. CVE-2011-3544 - Java Rhino (It was in Exploitpack table v15, listing it to show all packs with this exploit)

7. Chinese Zhi Zhu Pack via Kahu Security and Francois Paget (McAfee)

1. CVE-2012-0003 -  WMP MIDI 
2. CVE-2011-1255 - IE Time Element Memory Corruption
3. CVE-2011-2140 - Flash 10.3.183.x
4. CVE-2011-2110 - Flash 10.3.181.x 
5. CVE-2010-0806 - IEPeers

8. Gong Da Pack via Kahu Security 

1. CVE-2011-2140  - Flash 10.3.183.x
2. CVE-2012-0003 -  WMP MIDI  
3. CVE-2011-3544 - Java Rhino 

9. Dragon Pack - via DaMaGeLab  December 2010 - it is old, listing for curiosity sake

1. CVE-2010-0886 - Java SMB
2. CVE-2010-0840 - JRE Trusted Method Chaining
3. CVE-2008-2463 - Snapshot
4. CVE-2010-0806 - IEPeers
5. CVE-2007-5659/2008-0655 - Collab.collectEmailInfo
6. CVE-2008-2992 - util.printf
7. CVE-2009-0927 - getIco
8. CVE-2009-4324 - newPlayer

Version 15. January 28, 2012

Additions - with many thanks to Kahu Security

 Hierarchy Exploit Pack
=================
CVE-2006-0003
CVE-2009-0927
CVE-2010-0094
CVE-2010-0188
CVE-2010-0806
CVE-2010-0840
CVE-2010-1297
CVE-2010-1885
CVE-2011-0611
JavaSignedApplet

Siberia Private
==========
CVE-2005-0055
CVE-2006-0003
CVE-2007-5659
CVE-2008-2463
CVE-2008-2992
CVE-2009-0075
CVE-2009-0927
CVE-2009-3867
CVE-2009-4324
CVE-2010-0806

Techno XPack
===========
CVE-2008-2992
CVE-2010-0188
CVE-2010-0842
CVE-2010-1297
CVE-2010-2884
CVE-2010-3552
CVE-2010-3654
JavaSignedApplet

"Yang Pack"
=========
CVE-2010-0806
CVE-2011-2110
CVE-2011-2140
CVE-2011-354

Version 14. January 19, 2012

Version 14 Exploit Pack table additions:

Credits for the excellent Wild Wild West (October 2011 edition) go to kahusecurity.com

With many thanks to  XyliBox (Xylitol - Steven),  Malware Intelligence blog,  and xakepy.cc for the information:

1. Blackhole 1.2.1  (Java Rhino added, weaker Java exploits removed)
2. Blackhole 1.2.1 (Java Skyline added)
3. Sakura Exploit Pack 1.0  (new kid on the block, private pack)
4. Phoenix 2.8. mini (condensed version of 2.7)
5. Fragus Black (weak Spanish twist on the original, black colored admin panel, a few old exploits added)

If you find any errors or CVE information for packs not featured , please send it to my email (in my profile above, thank you very much) .

 
The full table in xls format - Version 14 can be downloaded from here. 

The exploit pack table in XLSX format
The exploit pack table in csv format 

The references sheet in csv format 

P.S. There are always corrections and additions thanks to your feedback after the document release, come back in a day or two to check in case v.15 is out.

Version 13. Aug 20, 2011

Kahusecurity issued an updated version of their Wild Wild West graphic that will help you learn Who is Who in the world of exploit packs. You can view the full version of their post in the link above.

Version 13 exploit pack table additions:

1. Bleeding Life 3.0
2. Merry Christmas Pack (many thanks to kahusecurity.com)+
3. Best Pack (many thanks to kahusecurity.com)
4. Sava Pack (many thanks to kahusecurity.com)
5. LinuQ 
6. Eleonore 1.6.5
7. Zero Pack
8. Salo Pack (incomplete but it is also old)

List of packs in the table in alphabetical order

1. Best Pack
2. Blackhole Exploit 1.0
3. Blackhole Exploit 1.1
4. Bleeding Life 2.0
5. Bleeding Life 3.0
6. Bomba
7. CRIMEPACK 2.2.1
8. CRIMEPACK 2.2.8
9. CRIMEPACK 3.0
10. CRIMEPACK 3.1.3
11. Dloader
12. EL Fiiesta
13. Eleonore 1.3.2
14. Eleonore 1.4.1
15. Eleonore 1.4.4 Moded
16. Eleonore 1.6.3a
17. Eleonore 1.6.4
18. Eleonore 1.6.5
19. Fragus 1
20. Icepack
21. Impassioned Framework 1.0
22. Incognito
23. iPack
24. JustExploit
25. Katrin
26. Merry Christmas Pack
27. Liberty  1.0.7
28. Liberty 2.1.0*
29. LinuQ pack
30. Lupit
31. Mpack
32. Mushroom/unknown
33. Open Source Exploit (Metapack)
34. Papka
35. Phoenix  2.0 
36. Phoenix 2.1
37. Phoenix 2.2
38. Phoenix 2.3
39. Phoenix 2.4
40. Phoenix 2.5
41. Phoenix 2.7
42. Robopak
43. Salo pack
44. Sava Pack
45. SEO Sploit pack
46. Siberia
47. T-Iframer
48. Unique Pack Sploit 2.1
49. Webattack
50. Yes Exploit 3.0RC
51. Zero Pack
52. Zombie Infection kit
53. Zopack

----------------------------------------------
Bleeding Life 3.0
New Version Ad is here 

Merry Christmas Pack read analysis at kahusecurity.com	Best Pack read analysis at  kahusecurity.com	Sava Pack read analysis at kahusecurity.com
Eleonore 1.6.5  [+] CVE-2011-0611 [+] CVE-2011-0559 [+] CVE-2010-4452 [-] CVE-2010-0886	Salo Pack Old (2009), added just for the collection	Zero Pack 62 exploits from various packs (mostly Open Source pack)
LinuQ pack Designed to compromise linux servers using vulnerable PHPMyAdmin. Comes with DDoS bot but any kind of code can be loaded for Linux botnet creation. LinuQ pack is PhpMyAdmin exploit pack with 4 PMA exploits based on a previous Russian version of the Romanian PMA scanner ZmEu. it is not considered to be original, unique, new, or anything special. All exploits are public and known well. It is designed to be installed on an IRC server (like UnrealIRCD). IP ranges already listed in bios.txt can be scanned, vulnerable IPs and specific PMA vulnerabilities will be listed in vuln.txt, then the corresponding exploits can be launched against the vulnerable server. It is more like a bot using PMA vulnerabilities than exploit pack. It is using CVE-2009-1148 (unconfirmed) CVE-2009-1149 (unconfirmed) CVE-2009-1150 (unconfirmed) CVE-2009-1151 (confirmed)

 ====================================================================

Version 12. May 26, 2011

additional changes (many thanks to kahusecurity.com)

Bomba

Papka

See the list of packs covered in the list below


The full table in xls format - Version 12 can be downloaded from here.

I want to thank everyone who sent packs and information  :)

Version 11 May 26, 2011 Changes:

1. Phoenix2.7
2. "Dloader" (well, dloader is a loader but the pack is  some unnamed pack http://damagelab.org/lofiversion/index.php?t=20852)
3. nuclear pack
4. Katrin
5. Robopak
6. Blackhole exploit kit 1.1.0
7. Mushroom/unknown
8. Open Source Exploit kit
   

====================================================================

10. May 8, 2011 Version 10        Exploit Pack Table_V10May11
First, I want to thank everyone who sent and posted comments for updates and corrections. 

*** The Wild Wild West picture is from a great post about evolution of exploit packs by Kahu Security  Wild Wild West Update


As usual, send your corrections and update lists.

Changes:

• Eleonore 1.6.4
• Eleonore 1.6.3a
• Incognito
• Blackhole

Go1Pack  (not included) as reported as being a fake pack, here is a gui. Here is a threatpost article referencing it as it was used for an attack 
Also, here is another article claiming it is not a fake http://community.websense.com/blogs/securitylabs/archive/2011/04/19/Mass-Injections-Leading-to-g01pack-Exploit-Kit.aspx
Go1 Pack CVE are reportedly
CVE-2006-0003
CVE-2009-0927
CVE-2010-1423
CVE-2010-1885
Does anyone have this pack or see it offered for sale?

Exploit kits I am planning to analyze and add (and/or find CVE listing for) are:

• Open Source Exploit Kit
• SALO
• K0de

Legend: 

Black color entries by Francois Paget

Red color entries by Gunther

Blue color entries by Mila

Also, here is a great presentation by Ratsoul (Donato Ferrante) about Java Exploits (http://www.inreverse.net/?p=1687)

--------------------------------------------------------
 9.  April 5, 2011  Version 9        ExploitPackTable_V9Apr11

It actually needs another update but I am posting it now and will issue version 10 as soon as I can.

Changes:
Phoenix 2.5
IFramer
Tornado
Bleeding life

Many thanks to Gunther for his contributions.
If you wish to add some, please send your info together with the reference links. Also please feel free to send corrections if you notice any mistakes

8. Update 8 Oct 22, 2010 Version 8 ExploitPackTable_V8Oct22-10

Changes: 

1. Eleonore 1.4.4 Moded added (thanks to malwareint.blogspot.com)
2. Correction on CVE-2010-0746 in Phoenix 2.2 and 2.3. It is a mistake and the correct CVE is CVE-2010-0886 (thanks to
   ♫
   etonshell for noticing)
   
3. SEO Sploit pack added (thanks to whsbehind.blogspot.com,  evilcodecave.blogspot.com and blog.ahnlab.com)

7. Update 7 Oct 18, 2010 Version 7 ExploitPackTable_V7Oct18-10 released

 thanks to SecNiche we have updates for Phoenix 2.4 :)

  

We also added shorthand/slang/abbreviated names for exploits for easy matching of exploits to CVE in the future. Please send us more information re packs, exploit names that can be added in the list. Thank you!

 

6. Update 6 Sept 27, 2010 Version 6 ExploitPackTable_V6Sept26-10 released

 Thanks to Francois Paget (McAfee) we have updates for Phoenix 2.2 and Phoenix 2.3

5. Update 5. Sept 27, 2010 Version 5 ExploitPackTable_V5Sept26-10 released

Added updates for Phoenix 2.1 and Crimepack 3.1.3

  

4 Update 4  July 23, 2010  Version 4 ExploitPackTable_V4Ju23-10 released. Added a new Russian exploit kit called Zombie Infection Kit to the table. Read more at malwareview.com

Update 3  July 7, 2010. Please read more about this on the Brian Krebs' blog Pirate Bay Hack Exposes User Booty 

Update 2 June 27, 2010 Sorry but Impassioned Framework is back where it belongs - blue

Update 1 June 24, 2010 Eleonore 1.4.1 columns was updated to include the correct list of the current exploits.

Francois Paget  www.avertlabs.com kindly agreed to allow us to make additions to his Overview of Exploit Packs table published on Avertlabs (McAfee Blog)

Many thanks to Gunther from ARTeam for his help with the update. There are a few blanks and question marks, please do no hesitate to email me if you know the answer or if you see any errors.

Please click on the image below to expand it (it is a partial screenshot)  Impassioned Framework is tentatively marked a different color because the author claims it is a security audit tool not exploit pack. However, there was no sufficient information provided yet to validate such claims. The pack is temporarily/tentatively marked a different color. We'll keep you posted.

More info

1. Ethical Hacker Tools
2. Best Pentesting Tools 2018
3. Pentest Tools List
4. Hack Tool Apk
5. Hacking Tools Free Download
6. Hack Tools For Windows
7. Hacking Tools Mac
8. Ethical Hacker Tools
9. Hacking Tools Hardware
10. Pentest Tools Url Fuzzer
11. Hack Tools Github
12. Hacker Tools Hardware
13. Hack Tools Online
14. Hacker Tools Hardware
15. Hacking Tools Hardware
16. What Is Hacking Tools
17. How To Make Hacking Tools
18. Pentest Tools Online
19. Hacking Tools Hardware
20. Hacker Tools
21. Pentest Tools For Mac
22. Hacker Tool Kit
23. Hacking Tools For Mac
24. Hacking Tools Usb
25. Pentest Tools Free
26. Hacking Tools For Windows 7
27. Hacker Tools
28. Hacking Tools Pc
29. Hack Tools
30. Hacker Techniques Tools And Incident Handling
31. Hack Website Online Tool
32. Hacking Tools For Windows
33. Hack And Tools
34. Android Hack Tools Github
35. Pentest Tools
36. Tools For Hacker
37. Pentest Tools Alternative
38. Hacker Tools Free Download
39. Best Hacking Tools 2019
40. Hack Tool Apk
41. Github Hacking Tools
42. Pentest Tools Open Source
43. Growth Hacker Tools
44. Hacker Tools For Pc
45. Hacker Tools 2020
46. Hacking Tools
47. How To Hack
48. Hacker Tools Github
49. Tools Used For Hacking
50. Hacking Tools For Beginners
51. What Are Hacking Tools
52. Hacking Tools Software
53. Hacking Tools Windows
54. Hacker Tools Linux