With a subject line of a invitation to a Tibetan event, invitation.rar (3026984137716828cf8f55b10bb0069) contained the aptly named "exploit.pdf" which certainly inspires confidence to open the attachment:
exploit.pdf:
EXECUTABLE SCAN: PDF Exploit Embedded Flash may be CVE-2010-1297 (genexploit/full)
REPORT: https://www.vicheck.ca/md5query.php?hash=ee81327f15db183f83815754fbfad5dd
Exploit method detected as genexploit - PDF Exploit Embedded Flash may be CVE-2010-1297.
Confidence ranking: 100 (11 hits).
EXECUTABLE SCAN: PDF Exploit Embedded Flash may be CVE-2010-1297 (genexploit/full)
REPORT: https://www.vicheck.ca/
Exploit method detected as genexploit - PDF Exploit Embedded Flash may be CVE-2010-1297.
Confidence ranking: 100 (11 hits).
Embedded EXE is encrypted with a 256 byte key as well as a simple replacement cipher.
Drops:
Posts
No comments:
Post a Comment