FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY | Mandiant
Tags
cmtmf-attack-pattern: Code Injection
country: Russia
attack-pattern: Data Code Injection - T1540 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Visual Basic - T1059.005 Mshta - T1170 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 0c15ffeb-4320-4c7f-84aa-e76a5df35a3f
Fingerprint a66119210ab3d781
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 12, 2017, midnight
Added to db Nov. 9, 2023, 12:27 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY
Title FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY | Mandiant
Detected Hints/Tags/Attributes 38/3/15
Source URLs
Redirection Url
Details Source https://www.mandiant.com/resources/blog/zero-day-used-to-distribute-finspy
Details Source https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html
URL Provider
Details Provider Source level domain
Details fireeye.com www.fireeye.com
Details mandiant.com www.mandiant.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 330 Threat Intelligence https://www.mandiant.com/resources/blog/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 57 
cve-2017-8759
Details CVE 269 
cve-2017-0199
Details Domain 2 
referencesource.microsoft.com
Details Domain 1 
system.runtime.remoting.ni
Details File 1 
проект.doc
Details File 1 
wsdlparser.cs
Details File 1 
base.config
Details File 59 
csc.exe
Details File 16 
ni.dll
Details File 456 
mshta.exe
Details File 2 
word.db
Details File 2 
left.jpg
Details md5 1 
fe5c4d6bb78e170abf5cf3741868ea4c
Details md5 2 
a7b990d5f57b244dd17e9a937a41e7f5
Details Url 1 
http://referencesource.microsoft.com