ioc[.]one - OSINT Cyber Threat Intelligence Database

Analysis of CVE-2018-8174 VBScript 0day and APT actor related to Office targeted attack

Tags

country:	China
attack-pattern:	Data Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Rundll32 - T1218.011 Screen Capture - T1513 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 Vulnerabilities - T1588.006 Powershell - T1086 Rundll32 - T1085 Screen Capture - T1113 Screen Capture

Show in Graph

Common Information

Type	Value
UUID	ff61ed1d-de0a-4416-9e85-d00e026fd4a6
Fingerprint	8a11b111aba48389
Analysis status	DONE
Considered CTI value	2
Text language
Published	May 9, 2018, midnight
Added to db	Jan. 18, 2023, 7:38 p.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	360 核心安全技术博客
Title	Analysis of CVE-2018-8174 VBScript 0day and APT actor related to Office targeted attack
Detected Hints/Tags/Attributes	72/2/23

Source URLs

	Redirection	Url
Details	Source	http://blogs.360.cn/blog/cve-2018-8174-en/
Details	Source	http://blogs.360.cn/post/cve-2018-8174-en.html

URL Provider

Details	Provider	Source level domain
Details	360.cn	blogs.360.cn

Attributes

Details	Type	#Events	Value
Details	CVE	106	cve-2018-8174
Details	CVE	269	cve-2017-0199
Details	Domain	80	portal.msrc.microsoft.com
Details	File	23	vbscript.dll
Details	File	80	msvcrt.dll
Details	File	82	kernelbase.dll
Details	File	533	ntdll.dll
Details	File	8	invoke-reflectivepeinjection.ps1
Details	File	1	reversemet.dll
Details	File	1018	rundll32.exe
Details	File	9	cliconfg.exe
Details	File	23	searchprotocolhost.exe
Details	File	12	msfte.dll
Details	File	4	ntwdblib.dll
Details	File	1	mo4th2h0.bat
Details	File	94	config.php
Details	Github username	18	empireproject
Details	IPv4	1	185.183.97.28
Details	Pdb	1	c:\workspace\retro\dll-injected-explorer\zlib1.pdb
Details	Pdb	1	c:\workspace\retro\retrodll\zlib1.pdb
Details	Threat Actor Identifier - APT-C	24	APT-C-06
Details	Url	1	https://github.com/empireproject/empire/blob/master/data/module_source/code_execution/invoke-reflectivepeinjection.ps1_
Details	Url	1	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8174