Explotando Word: CVE-2017-11826
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Python - T1059.006 |
Common Information
| Type | Value |
|---|---|
| UUID | 42dee92b-3467-4fb8-9eee-2a2d02b0602b |
| Fingerprint | d30a27b949c0747e |
| Analysis status | IN_PROGRESS |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 11, 2017, midnight |
| Added to db | Dec. 20, 2024, 5:55 a.m. |
| Last updated | Dec. 26, 2024, 3:11 a.m. |
| Headline | Explotando Word: CVE-2017-11826 |
| Title | Explotando Word: CVE-2017-11826 |
| Detected Hints/Tags/Attributes | 50/1/118 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 17 | cve-2017-11826 |
|
| Details | Domain | 10 | decalage.info |
|
| Details | Domain | 4726 | github.com |
|
| Details | Domain | 3 | rtf.py |
|
| Details | Domain | 677 | en.wikipedia.org |
|
| Details | Domain | 39 | schemas.openxmlformats.org |
|
| Details | Domain | 80 | schemas.microsoft.com |
|
| Details | Domain | 252 | system.io |
|
| Details | Domain | 195 | www.tarlogic.com |
|
| Details | File | 13 | decalage.inf |
|
| Details | File | 2 | 'word.doc |
|
| Details | File | 3 | rtf.py |
|
| Details | File | 24 | word.doc |
|
| Details | File | 1 | c:\windows\syswow64\msvbvm60.dll |
|
| Details | File | 2 | cb3429e608144909ef25df2605c24ec253b10b6e99cbb6657afa6b92e9f32fb5_object_0003972d.raw |
|
| Details | File | 2 | cb3429e608144909ef25df2605c24ec253b10b6e99cbb6657afa6b92e9f32fb5_object_00039807.doc |
|
| Details | File | 2 | cb3429e608144909ef25df2605c24ec253b10b6e99cbb6657afa6b92e9f32fb5_object_000538e9.doc |
|
| Details | File | 2 | 00039807.doc |
|
| Details | File | 17 | app.xml |
|
| Details | File | 18 | core.xml |
|
| Details | File | 8 | activex1.bin |
|
| Details | File | 4 | activex1.xml |
|
| Details | File | 2 | activex10.xml |
|
| Details | File | 2 | activex11.xml |
|
| Details | File | 2 | activex12.xml |
|
| Details | File | 2 | activex13.xml |
|
| Details | File | 2 | activex14.xml |
|
| Details | File | 2 | activex15.xml |
|
| Details | File | 2 | activex16.xml |
|
| Details | File | 2 | activex17.xml |
|
| Details | File | 2 | activex18.xml |
|
| Details | File | 2 | activex19.xml |
|
| Details | File | 2 | activex2.xml |
|
| Details | File | 2 | activex20.xml |
|
| Details | File | 2 | activex21.xml |
|
| Details | File | 2 | activex22.xml |
|
| Details | File | 2 | activex23.xml |
|
| Details | File | 2 | activex24.xml |
|
| Details | File | 2 | activex25.xml |
|
| Details | File | 2 | activex26.xml |
|
| Details | File | 2 | activex27.xml |
|
| Details | File | 2 | activex28.xml |
|
| Details | File | 2 | activex29.xml |
|
| Details | File | 2 | activex3.xml |
|
| Details | File | 2 | activex30.xml |
|
| Details | File | 2 | activex31.xml |
|
| Details | File | 2 | activex32.xml |
|
| Details | File | 2 | activex33.xml |
|
| Details | File | 2 | activex34.xml |
|
| Details | File | 2 | activex35.xml |
|
| Details | File | 2 | activex36.xml |
|
| Details | File | 2 | activex37.xml |
|
| Details | File | 2 | activex38.xml |
|
| Details | File | 2 | activex39.xml |
|
| Details | File | 2 | activex4.xml |
|
| Details | File | 2 | activex40.xml |
|
| Details | File | 2 | activex5.xml |
|
| Details | File | 2 | activex6.xml |
|
| Details | File | 2 | activex7.xml |
|
| Details | File | 2 | activex8.xml |
|
| Details | File | 2 | activex9.xml |
|
| Details | File | 65 | document.xml |
|
| Details | File | 13 | fonttable.xml |
|
| Details | File | 70 | settings.xml |
|
| Details | File | 23 | styles.xml |
|
| Details | File | 15 | theme1.xml |
|
| Details | File | 18 | websettings.xml |
|
| Details | File | 2 | 000538e9.doc |
|
| Details | File | 2 | endnotes.xml |
|
| Details | File | 2 | footnotes.xml |
|
| Details | File | 3 | c:\windows\syswow64\uiautomationcore.dll |
|
| Details | File | 2 | c:\windows\syswow64\psapi.dll |
|
| Details | File | 2 | c:\windows\syswow64\oleacc.dll |
|
| Details | File | 1 | msconv97.dll |
|
| Details | File | 12 | shdocvw.dll |
|
| Details | File | 2 | c:\windows\syswow64\shdocvw.dll |
|
| Details | File | 36 | wwlib.dll |
|
| Details | File | 1 | c:\users\user\desktop\h1.txt |
|
| Details | File | 2 | tag_bin.py |
|
| Details | File | 3 | test.bin |
|
| Details | File | 2 | replace_offset.py |
|
| Details | File | 2 | spray.doc |
|
| Details | File | 2 | trigger.doc |
|
| Details | File | 2 | cdfreplace.exe |
|
| Details | File | 2 | original.rtf |
|
| Details | File | 2 | tmp.rtf |
|
| Details | File | 2 | final.rtf |
|
| Details | File | 3 | test.rtf |
|
| Details | File | 23 | msvbvm60.dll |
|
| Details | File | 2 | gadgets.txt |
|
| Details | File | 822 | kernel32.dll |
|
| Details | File | 2 | asd.bmp |
|
| Details | File | 3 | pwn.asm |
|
| Details | File | 3 | block_api.asm |
|
| Details | File | 2 | mydata.url |
|
| Details | File | 2 | pwn.bin |
|
| Details | File | 219 | www.tar |
|
| Details | Github username | 17 | decalage2 |
|
| Details | md5 | 2 | 0123456789ABCDEF0123456789ABCDEF |
|
| Details | sha256 | 2 | cb3429e608144909ef25df2605c24ec253b10b6e99cbb6657afa6b92e9f32fb5 |
|
| Details | sha256 | 2 | 2246b4feae199408ea66d4a90c1589026f4a5800ce5a28e583b94506a8a73dce |
|
| Details | IPv4 | 1582 | 127.0.0.1 |
|
| Details | Url | 2 | https://decalage.info/python/oletools |
|
| Details | Url | 2 | https://github.com/decalage2/oletools/issues |
|
| Details | Url | 2 | https://en.wikipedia.org/wiki/compound_file_binary_format |
|
| Details | Url | 2 | https://schemas.openxmlformats.org/package/2006/relationships |
|
| Details | Url | 2 | https://schemas.openxmlformats.org/officedocument/2006/relationships/control |
|
| Details | Url | 2 | https://schemas.openxmlformats.org/officedocument/2006/relationships/websettings |
|
| Details | Url | 2 | https://schemas.openxmlformats.org/officedocument/2006/relationships/theme |
|
| Details | Url | 2 | https://schemas.openxmlformats.org/officedocument/2006/relationships/settings |
|
| Details | Url | 2 | https://schemas.openxmlformats.org/officedocument/2006/relationships/styles |
|
| Details | Url | 2 | https://schemas.openxmlformats.org/officedocument/2006/relationships/fonttable |
|
| Details | Url | 2 | https://schemas.openxmlformats.org/officedocument/2006/relationships/image |
|
| Details | Url | 2 | https://schemas.microsoft.com/office/2006/activex |
|
| Details | Url | 2 | https://schemas.openxmlformats.org/officedocument/2006/relationships |
|
| Details | Url | 2 | https://schemas.microsoft.com/office/2006/relationships/activexcontrolbinary |
|
| Details | Url | 2 | https://127.0.0.1:8000/asd.bmp |
|
| Details | Windows Registry Key | 1 | HKEY_CLASSES_ROOT\WOW6432Node\CLSID |