A Newly Upgraded Equation Editor Exploit Weaponization Tool Is Now in Use

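Overview

Recently, a large number of exploit-bearing phishing documents appearing in the wild caught our attention. These phishing documents are mainly docx and xlsx files that carry the CVE-2017-11882 or CVE-2018-0798 Equation Editor exploits and are used to deliver known trojans such as Lokibot and AgentTesla. On further analysis, we found that the exploit portion of these documents is constructed differently from other known forms, and we therefore concluded that a newly upgraded Equation Editor exploit weaponization tool has been put into use. This tool builds exploits for several known vulnerabilities reliably, and it may already have been abused by a known hacker group named sweed.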

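CVE-2018-0798 exploit documents

The first thing we noticed was a type of xlsx document carrying the CVE-2018-0798 exploit.

CVE-2018-0798 is a derivative vulnerability that appeared after the earliest Equation Editor vulnerability, CVE-2017-11882, was patched. Its logic is similar to that of CVE-2017-11882: it likewise stems from a stack overflow caused by EQNEDT32.exe failing to check the copy length. Because the trigger point of CVE-2018-0798 comes after that of CVE-2017-11882, it can only be exploited when execution passes the CVE-2017-11882 trigger point without causing a stack overflow there, so attackers have paid relatively little attention to it.

Until April 2021, in-the-wild CVE-2017-11882 samples were mainly rtf documents generated by a weaponization tool. To achieve exploitation, such rtf documents need a fairly complex ROP chain, and the main shellcode makes its required API calls by modifying and calling the clearerr function of msvcrt.dll. However, perhaps because this technique added unnecessary runtime difficulty and behavioral signatures, the overall number of such exploit rtf documents was small.

The CVE-2018-0798 exploit documents that have recently appeared in large numbers simplify the whole exploitation flow. The new approach locates the address of the ole stream stored on the stack and jumps to the target location with a simple ROP sequence. At the same time, because this approach gives up bypassing ASLR, it requires the same exploitation conditions as CVE-2017-11882 documents.

The format of its malicious ole stream is shown in the figure below:

In EQNEDT32.exe, once the vulnerable function sub_443F6C is triggered, the blue part of the ole stream, 0x3C bytes long, is copied onto the stack, and two return addresses, 0x450650 and 0x44C329, are written:

After the two ROP steps, the top of the stack holds exactly the address of the ole stream, and the program is directed to that location on the next RETN:

The shellcode follows the design common in this class of exploit documents: the code obtains its own location via call or via ebp, uses it to locate an encrypted code block, then uses an XOR-key algorithm to generate a dynamic XOR key and decrypt the encrypted code:

After jumping to the decrypted code, the program uses Urlmon to download, save and run the next-stage payload.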

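CVE-2017-11882 exploit documents

While studying the samples above, we also found a large number of CVE-2017-11882 exploit documents that appear to have been created with the same generation tool.

These CVE-2017-11882 exploit documents are constructed in essentially the same way as common samples of the same type: they combine a bootstrap shellcode with a return address to form the 0x30 bytes of data used to trigger the stack overflow:

This bootstrap shellcode uses the classic pattern of locating the stream address through the Windows API function GlobalLock to obtain the entry point of the main shellcode:

The main shellcode uses an XOR-key algorithm with the same logic as described above to generate a dynamic XOR key and decrypt the encrypted code; the decrypted code is likewise shellcode that performs the download.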

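Characteristics

The exploit ole objects produced by this weaponization tool have an empty stream with a random name added before or after the stream that carries the actual payload (usually named ole10Native, Equation Native or Microsoft Equation 3.0):

Another interesting point is that the malicious ole objects built by this tool all have meaningless data appended to their tail, made up of a large number of 0x0D bytes and a large number of ASCII characters, which inflates the whole exploit document to several hundred KB or more: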
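The two structural traits described above can be checked statically on an OLE object extracted from a docx or xlsx. The following is an added example, not part of the original article or of any tool it describes; the function names, the thresholds (100 KB minimum size, last 64 KB scanned, at least 25% 0x0D bytes) and the sample object with its stream name hQz7Kp are constructed assumptions.

```python
import struct

MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
PAYLOAD_NAMES = {"ole10native", "equation native", "microsoft equation 3.0"}

def list_streams(blob):
    """Return [(name, size)] for every stream in an OLE compound file directory."""
    if len(blob) < 512 or blob[:8] != MAGIC:
        raise ValueError("not an OLE compound file")
    major, shift = struct.unpack_from("<HxxH", blob, 26)
    if shift not in (9, 12):
        raise ValueError("unexpected sector size")
    ssz = 1 << shift
    def sector(n):  # sector n starts after the header sector; pad if truncated
        return blob[(n + 1) * ssz:(n + 2) * ssz].ljust(ssz, b"\xff")
    fat = []
    for s in struct.unpack_from("<109I", blob, 76):  # header DIFAT entries only
        if s < 0xFFFFFFFA:  # skip FREESECT and other reserved markers
            fat.extend(struct.unpack("<%dI" % (ssz // 4), sector(s)))
    streams, seen = [], set()
    sec, = struct.unpack_from("<I", blob, 48)  # first directory sector
    while sec < len(fat) and sec not in seen:  # ends at ENDOFCHAIN or on a loop
        seen.add(sec)
        data = sector(sec)
        for off in range(0, ssz, 128):  # 128-byte directory entries
            name_len, kind = struct.unpack_from("<HB", data, off + 64)
            size, = struct.unpack_from("<Q", data, off + 120)
            if kind == 2 and 2 <= name_len <= 64:  # type 2 = stream
                name = data[off:off + name_len - 2].decode("utf-16-le", "replace")
                streams.append((name, size if major > 3 else size & 0xFFFFFFFF))
        sec = fat[sec]
    return streams

def builder_traits(blob, tail=0x10000, min_size=100 * 1024):
    """Test one embedded OLE object for the two traits; thresholds are assumptions."""
    streams = list_streams(blob)
    known = lambda n: n.lstrip("\x01\x03\x05").lower() in PAYLOAD_NAMES
    payload = any(known(n) for n, _ in streams)
    empty_extra = [n for n, sz in streams if sz == 0 and not known(n)]
    end = blob[-tail:]
    cr = end.count(b"\r")
    text = sum(0x20 <= b < 0x7F for b in end)
    padded = (len(blob) >= min_size and 4 * cr >= len(end)
              and cr + text >= 0.95 * len(end))
    return {"payload_stream": payload, "empty_extra_streams": empty_extra,
            "cr_ascii_padding": padded,
            "suspicious": payload and bool(empty_extra) and padded}

def constructed_sample(junk=True):
    """Constructed object: header, one FAT sector, one directory sector, optional tail."""
    def entry(name, kind, size):
        raw = (name + "\0").encode("utf-16-le")
        return struct.pack("<64sHB53xQ", raw, len(raw), kind, size)
    head = struct.pack("<8s16x5H6x9I109I", MAGIC, 0x3E, 3, 0xFFFE, 9, 6, 0, 1, 1, 0,
                       4096, 0xFFFFFFFE, 0, 0xFFFFFFFE, 0, 0, *[0xFFFFFFFF] * 108)
    fat = struct.pack("<128I", 0xFFFFFFFD, 0xFFFFFFFE, *[0xFFFFFFFF] * 126)
    dirs = (entry("Root Entry", 5, 0) + entry("Equation Native", 2, 0x40)
            + entry("hQz7Kp", 2, 0) + bytes(128))
    return head + fat + dirs + (b"\r" * 40 + b"qwertyuiop" * 4) * (1500 if junk else 0)
```

Each trait is reported separately so that an analyst can tune or drop one of them; an empty extra stream alone, or padding alone, is weaker evidence than both together with a payload stream.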

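In addition, the decoy content dropped by this batch of exploit documents usually takes one of the following forms:

1. A severely blurred photo of some kind of card:

2. An image showing an RSA key:

3. A comical "iron rod pinyin" (铁棒拼音):

4. A list of unclear meaning that was already in use as early as the first half of 2020: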

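Follow-up payloads and links

At present, the final-stage trojans delivered by these new exploit documents are still mainly LokiPWS and AgentTesla, the most common ones in the phishing-email space. What these payloads have in common is that they pass through one or more dropper programs, which extract steganographic images, encrypted data and other content from the resource section, then decrypt and run the final trojan:

At present, a group that Cisco has named sweed (https://blog.talosintelligence.com/2019/07/sweed-agent-tesla.html) produces exploit phishing documents in large numbers and delivers the trojans above. The new exploit documents found this time may therefore be the result of that group, or of a higher-level organization behind it, upgrading its existing weaponization tool.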

IoC

url


hash


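Copyright Notice

The copyright of all content in the "Technical Blog" of this site is held by NSFOCUS Technologies Group Co., Ltd. (绿盟科技, "NSFOCUS"). As a platform for sharing technical information, NSFOCUS looks forward to interacting with its users and welcomes full-text reposting, provided that the source (NSFOCUS Technical Blog) and the URL are indicated.
Any form of use other than the above requires applying to NSFOCUS (010-68438880-5462) for copyright authorization in advance. NSFOCUS reserves the right to pursue liability for unauthorized use. In addition, if unauthorized use of blog content gives rise to a legal dispute, the user bears all legal responsibility, and NSFOCUS bears none.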


Meet The Author

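Fuying Lab (伏影实验室) focuses on security threat monitoring and research on countermeasure techniques.
Its research targets include botnets, APT advanced threats, DDoS countermeasures, web countermeasures, threats from the exploitation of vulnerabilities in popular service systems, identity authentication threats, digital asset threats, underground-industry threats and emerging threats. By keeping track of threats on live networks, it identifies risk, mitigates the damage caused by threats and provides decision support for threat countermeasures.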
