Results for cve-2015-1641

Threat Research

The Curious Case Of The Document Exploiting An Unknown Vulnerability – Part 2: RATs, Hackers and Rihanna

Previously my colleague Wayne talked about an interesting document exploit targeting CVE-2015-1641. In this post, we will talk about who might be behind the attack. We start our correlation with the analysis of the exploit payload - a remote administration tool (RAT) with MD5 6bde5462f45a230edc7e7641dd711505 (detected as MSIL/Agent.QOO!tr). This RAT looks new to us; hence we suspected that it may either be a new RAT family or a custom RAT that was developed for a specific attacker (hacker). It is compiled with Microsoft Visual Basic .NET with...

By Roland Dela Paz, August 24, 2015

Threat Research

The Curious Case Of The Document Exploiting An Unknown Vulnerability – Part 1

Introduction: Recently, we came across an unknown document exploit which was mentioned in a blog post by the researcher @ropchain. As part of our daily routines, we decided to take a look to see if there was something interesting about the document exploit. The sample’s SHA1 used in the analysis is FB434BA4F1EAF9F7F20FE6F49C4375E90FA98069. The file we’re investigating is a Word document called amendment.doc. Understanding the vulnerability: In fact, the exploit is not widely covered by AV vendors. Thus it becomes more challenging...

By Wayne Chin Yick Low, August 20, 2015