All of the exploits exploit the same vulnerability and all are unpacked SWF files. All have identical actionscript code, which performs an operating system version check. The exploits only work under the following Windows versions: XP, Vista, 2003 R2, 2003, 7, 7×64, 2008 R2, 2008, 8, 8×64. Some of the samples also have a check in place which makes the exploits terminate under Windows 8.1 and 8.1 x64.
Bucktown Bell
Cut to the chase.
