6 Comments on "CVE-2017-0199 – 0-day malware delivered by a multitude of different emails."

Nyebodnye
Guest

All of ours are coming in malformed, so you don’t see an attachment, you see a boundary and base64 text. I had to run it through a converter to get the malware, to then run through VirusTotal.

Joe Security
Guest

Check out: https://www.joesecurity.org/reports/report-8b6f6bdefdc6b42abf9f372123152ab2.html
Let us know if you would like to get a sponsored Joe Sandbox Cloud Account!

Nyebodnye
Guest

Sorry Joe, didn’t realise I was manually doing what your Sandbox did 🙂

Nyebodnye
Guest

Scanned image from a Xerox WorkCentre attachment rtf –
used RTFScan.exe (part of OfficeMalScanner) to extract OLE components
URL for my one was here hxxp://rottastics36w.net/template.doc
which is this
https://virustotal.com/en/file/2867d4fee6bde340c05b1e1056d2233190ffd882c18a91cb885e93e0507b609d/analysis/
Sophos aware of the rtf and the doc file.
