When Hackers are Quicker than Antiviruses
Tags
Common Information
| Type | Value |
|---|---|
| UUID | d11a1768-d92d-4817-8cd3-3b672b2c44bf |
| Fingerprint | a808297f2264b483 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 24, 2017, midnight |
| Added to db | Aug. 30, 2024, 11:29 p.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | When Hackers are Quicker than Antiviruses |
| Title | When Hackers are Quicker than Antiviruses |
| Detected Hints/Tags/Attributes | 52/2/53 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 375 | cve-2017-11882 |
|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 4 | cards-cbr.ru |
|
| Details | Domain | 5 | swift-alliance.com |
|
| Details | Domain | 80 | portal.msrc.microsoft.com |
|
| Details | Domain | 2 | updatesupermaster.info |
|
| Details | Domain | 5 | visa-pay.com |
|
| Details | Domain | 4 | embedi.com |
|
| Details | Domain | 2 | cve-2017-11882.py |
|
| Details | 2 | a.shevcov@cards-cbr.ru |
||
| Details | 2 | admin@visa-pay.com |
||
| Details | 2 | support@swift-alliance.com |
||
| Details | 2 | support@cards-cbr.ru |
||
| Details | File | 57 | eqnedt32.exe |
|
| Details | File | 2 | rules.rtf |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 3 | out.ps1 |
|
| Details | File | 2127 | cmd.exe |
|
| Details | File | 3 | changes.rtf |
|
| Details | File | 14 | w.exe |
|
| Details | File | 2 | 3120567.doc |
|
| Details | File | 2 | block.doc |
|
| Details | File | 3 | paywave.doc |
|
| Details | File | 11 | x.txt |
|
| Details | File | 2 | cve-2017-11882.py |
|
| Details | Github username | 3 | embedi |
|
| Details | Github username | 3 | unamer |
|
| Details | md5 | 4 | F360D41A0B42B129F7F0C29F98381416 |
|
| Details | md5 | 4 | 8993F927BEAF8DAA02BB792C86C2B5E0 |
|
| Details | md5 | 4 | D46DF9EACFE7FF75E098942E541D0F18 |
|
| Details | md5 | 4 | C8BCE60C90CE26B0E2B96770071C72D2 |
|
| Details | md5 | 2 | db0d8569bc52e259bd327b10d0317174 |
|
| Details | md5 | 4 | B6F640A14CC416E366E9BF899481FD6A |
|
| Details | sha256 | 5 | 17f9db18327a29777b01d741f7631d9eb9c7e4cb33aa0905670154a5c191195c |
|
| Details | sha256 | 4 | 60656140e2047bd5aef9b0568ea4a2f7c8661a524323111099e49048b27b72c7 |
|
| Details | sha256 | 4 | bc4d2d914f7f0044f085b086ffda0cf2eb01287d0c0653665ceb1ddbc2fd3326 |
|
| Details | sha256 | 4 | 5f434901d4f186bdc92ee679783bdfad80281423848462e445704d5a10b0dc20 |
|
| Details | sha256 | 4 | 5f0d7423d889eb9dce5e79e5bb8202aea335f255bd88e4eabf21bff8890bbc90 |
|
| Details | sha256 | 5 | fb97a028760cf5cee976f9ba516891cbe784d89c07a6f110a4552fc7dbfce5f4 |
|
| Details | IPv4 | 3 | 104.254.99.77 |
|
| Details | IPv4 | 2 | 139.59.89.20 |
|
| Details | IPv4 | 2 | 104.254.99.67 |
|
| Details | IPv4 | 3 | 138.68.234.128 |
|
| Details | IPv4 | 2 | 104.200.67.112 |
|
| Details | IPv4 | 2 | 67.205.190.195 |
|
| Details | IPv4 | 2 | 93.113.131.162 |
|
| Details | Url | 2 | https://github.com/embedi/cve-2017-11882 |
|
| Details | Url | 3 | http://104.254.99.77/out.ps1 |
|
| Details | Url | 3 | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2017-11882 |
|
| Details | Url | 2 | https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about |
|
| Details | Url | 2 | https://github.com/unamer/cve-2017-11882/blob/master/cve-2017-11882.py |
|
| Details | Windows Registry Key | 2 | HKLM\SOFTWARE\Microsoft\Office\XX.X\Common\COM |
|
| Details | Windows Registry Key | 2 | HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\XX.X\Common\COM |