|
Two weeks ago I posted a diary on a report published by Trend Micro on a spear-phishing emails campaign using malicious Word documents exploiting a Microsoft Office vulnerability (CVE-2012-0158). We received a sample of a Word document exploiting CVE-2012-0158 which I took a look at. The file itself is pretty small (325Kb) and based on VirusTotal's MD5 hash report, 30/47 scan engines detected and confirmed it exploits CVE-2012-0158. I used the malwr sandbox to get a better look on how this Word document behaves while running on a Windows system. The one thing I noticed is Yara was positive to check if the file is running in a virtual machine.
[1] https://isc.sans.edu/diary/Safe+-++Tools%2C+Tactics+and+Techniques/15848 ----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu |
Guy 523 Posts ISC Handler Jun 1st 2013 |
| Thread locked Subscribe |
Jun 1st 2013 9 years ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
