{"vulnerability": "cve-2017-0199", "sightings": [{"uuid": "a112d36b-d3c3-401f-a74e-965711e8372d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/590973fc-fde0-4011-ae32-1fe2bce2ab96", "content": "", "creation_timestamp": "2017-06-09T08:50:53.000000Z"}, {"uuid": "9453160d-b58e-4ce9-8fb4-c2f980b68c1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/59380d29-0bc0-472f-9019-64c8ac12042b", "content": "", "creation_timestamp": "2017-06-07T15:36:16.000000Z"}, {"uuid": "f44a1329-8e31-4855-a82a-7f53e9c5fe1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/595a1543-e8fc-40d1-a1be-4bc6ac12042b", "content": "", "creation_timestamp": "2017-07-03T10:16:30.000000Z"}, {"uuid": "3c4ec112-65c4-4b3e-85de-8a1b01ad7df4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5970b085-61c4-42da-a7c8-45f0ac12042b", "content": "", "creation_timestamp": "2017-07-21T07:37:15.000000Z"}, {"uuid": "df167b7f-ecf3-4d05-a89b-540f12f1390b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/59a6a303-f490-41d7-a593-2f3bac12042b", "content": "", "creation_timestamp": "2017-08-30T12:30:13.000000Z"}, {"uuid": "2cf4410f-8d58-43ba-a752-dec35e5d813f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": 
"MISP/5ace0cf8-de70-4e7b-85bf-7a34ac12042b", "content": "", "creation_timestamp": "2018-04-11T13:44:34.000000Z"}, {"uuid": "fffc1252-9421-4294-8a8d-385e063deef2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/58ed2c42-04f0-44b7-baa4-9f1f02de0b81", "content": "", "creation_timestamp": "2017-04-11T19:29:18.000000Z"}, {"uuid": "6da2473f-1b09-4de4-8c53-f3fc7dd43bb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/58ef76f2-fcc4-450f-9e5e-339995ca48b7", "content": "", "creation_timestamp": "2017-04-13T13:18:34.000000Z"}, {"uuid": "611f2500-6659-488c-8d24-c4ad47d1f088", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/58ef7b1d-b30c-4d1c-a4e8-0d8695ca48b7", "content": "", "creation_timestamp": "2017-04-13T13:20:34.000000Z"}, {"uuid": "c39458f7-fc63-4e7c-ac33-9f4af519e60e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/58ef7b0a-f484-4981-ac16-334295ca48b7", "content": "", "creation_timestamp": "2017-04-13T13:20:14.000000Z"}, {"uuid": "5c9252e9-af93-4779-84dc-600b417a3448", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/58ef7b39-4ec4-402c-8eeb-612295ca48b7", "content": "", "creation_timestamp": "2017-04-13T13:21:08.000000Z"}, {"uuid": "db0e7322-c054-41c7-b127-fff29d517ba0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/592e5f00-de4c-4ded-b492-5136bce2ab96", "content": "", "creation_timestamp": "2017-05-31T06:14:53.000000Z"}, {"uuid": "f91dc3cd-8d83-40da-bff9-c3f35f43724d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/59496390-0cf4-4bf9-a93a-e1c402de0b81", "content": "", "creation_timestamp": "2017-06-20T18:05:09.000000Z"}, {"uuid": "ea10d1eb-f833-4e47-b89c-2b14781c5867", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/595270cf-76fc-4651-a51f-24b8d5d09a03", "content": "", "creation_timestamp": "2017-06-27T14:56:17.000000Z"}, {"uuid": "a533519c-d986-40e2-8aa9-284c11714cd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5c5a3840-8034-4084-83cc-1a000a021402", "content": "", "creation_timestamp": "2019-02-06T01:32:38.000000Z"}, {"uuid": "0815d274-7e1a-44f7-994c-1461935ca9a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5c4b49ca-8a70-4b9b-838c-630b0a021402", "content": "", "creation_timestamp": "2019-01-25T17:43:03.000000Z"}, {"uuid": "b17e80c7-f746-4dd2-8e27-4511ebbe0a83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/59d68cfe-723c-4b5e-b737-fbfd02de0b81", "content": "", "creation_timestamp": "2017-10-05T19:59:52.000000Z"}, {"uuid": "85957c9b-a74e-43a5-b399-a06652553f69", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5aa29460-e1c4-4662-bfe3-1d939f590eb0", "content": "", "creation_timestamp": "2018-03-09T14:15:12.000000Z"}, {"uuid": "3199c4ec-f0d6-4992-ad09-7c378c98ab37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5aa98d8a-3cac-42f0-b224-45d09f590eb0", "content": "", "creation_timestamp": "2018-03-14T21:04:26.000000Z"}, {"uuid": "07b59954-5b65-45ee-9734-5f93c542b259", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113447803211968237", "content": "", "creation_timestamp": "2024-11-08T14:28:19.374516Z"}, {"uuid": "a90fff14-f067-4cab-a14f-8c2500b24d26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5aafa3d9-cf3c-49fe-9c4e-2e52ac100a5a", "content": "", "creation_timestamp": "2018-03-20T06:51:02.000000Z"}, {"uuid": "11ef94b8-a83f-432e-b1e1-e14ea845bf39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5aba062a-8118-4885-afe0-469402de0b81", "content": "", "creation_timestamp": "2018-03-27T09:03:25.000000Z"}, {"uuid": "186040d5-40fe-43d3-b2a3-53ac2aa1d7ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5bc5fbce-03d0-49d2-8123-66110a021402", "content": "", 
"creation_timestamp": "2018-10-16T15:09:42.000000Z"}, {"uuid": "e842e9a4-d974-4e40-ad18-68f463711588", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5b0e8584-be08-4d00-b069-159195ca48b7", "content": "", "creation_timestamp": "2018-05-30T11:13:18.000000Z"}, {"uuid": "0c23249b-cf4d-4826-a7bb-59022f7cb99e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5c4acb8c-9bc4-45ea-83be-6a65ac12042b", "content": "", "creation_timestamp": "2019-01-30T11:07:50.000000Z"}, {"uuid": "15ae4c98-352d-40fe-a3e6-c14600424d3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5b61a496-b034-4321-9406-e0330acd0835", "content": "", "creation_timestamp": "2018-08-01T12:22:29.000000Z"}, {"uuid": "cff9cf61-cc82-4dae-a353-e322dc54bd24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5b6c4d84-7e08-4cb5-a654-244a0a950b0c", "content": "", "creation_timestamp": "2018-08-14T15:11:05.000000Z"}, {"uuid": "28ae9972-cb95-41a0-9f99-d4ed6d22db7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5b7bd11a-4300-4fff-8847-4ef6950d210f", "content": "", "creation_timestamp": "2018-08-21T09:36:54.000000Z"}, {"uuid": "5bd24e13-8f12-42a3-b445-970a4d8e2d19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", 
"source": "MISP/5afbda67-9d80-4bcf-ae91-33feac100a5a", "content": "", "creation_timestamp": "2018-05-16T07:15:47.000000Z"}, {"uuid": "1f4080d5-ae36-4567-95a2-c431ad32aca9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5b6c27c8-a044-4aa6-81c1-085fac12042b", "content": "", "creation_timestamp": "2018-08-09T11:48:57.000000Z"}, {"uuid": "d3bac0b2-ffc6-4d19-a805-9ab2263596b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5c543c87-503c-4622-a292-0aa6ac12042b", "content": "", "creation_timestamp": "2019-02-01T12:53:41.000000Z"}, {"uuid": "c798f621-44f5-4b0b-aff3-29712c8bfed7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5d77e80b-1c90-4b74-9945-4753950d210f", "content": "", "creation_timestamp": "2019-09-10T18:17:11.000000Z"}, {"uuid": "ab1311c7-67dc-4df1-bb3b-072b25140d43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5e2181f9-b5a8-40e2-9b9b-64c70a3b4631", "content": "", "creation_timestamp": "2020-01-17T09:47:07.000000Z"}, {"uuid": "65307d44-274a-4182-84b0-46d381c94a8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/a491671f-55fb-4909-8604-7f7d0b8ff92d", "content": "", "creation_timestamp": "2020-08-19T08:32:12.000000Z"}, {"uuid": "4b991b15-a744-4089-aeaf-1b097000c12d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/36b8470b-ace9-416e-9994-ca272e4e6f1e", "content": "", "creation_timestamp": "2020-11-06T15:42:22.000000Z"}, {"uuid": "84c18a82-bae0-4ac5-bd52-313d043f436d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5e0f3a94-d4a8-4159-b7a2-1c7e0a3b4631", "content": "", "creation_timestamp": "2020-01-03T13:07:31.000000Z"}, {"uuid": "b5578f42-193d-4809-b5cc-338100a1c8cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/8c44b315-a146-4e13-baac-996ba98bbf40", "content": "", "creation_timestamp": "2021-02-15T21:21:45.000000Z"}, {"uuid": "b1663e13-a815-4d4e-835b-f4b24b6f0823", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "748d8789-da48-44cd-8062-896a80061370", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/aaef44e8-30e4-4ef5-abab-fecb28a147c1", "content": "", "creation_timestamp": "2020-10-09T16:41:28.000000Z"}, {"uuid": "d0da786e-ef49-4d2e-ace3-3e69f8140484", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/885b4fef-3960-4a59-9f38-8c08366f6ae1", "content": "", "creation_timestamp": "2020-10-09T14:12:42.000000Z"}, {"uuid": "9fc4cc14-6e31-47cb-a5ee-25c79d078f5f", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/dafdcebe-cdf8-42a7-a2e9-9405f936abb1", "content": "", "creation_timestamp": "2020-10-09T13:25:39.000000Z"}, {"uuid": "03efe273-ea2b-4b91-818e-c918abfc910a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:19.000000Z"}, {"uuid": "193c7ad2-f7ae-4636-ae99-8d970926c88d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/f60cd330-b6cc-422a-919b-3c5b6ab7e55c", "content": "", "creation_timestamp": "2020-10-09T13:50:34.000000Z"}, {"uuid": "606e3ecb-3832-4a10-ab4c-eb0408233044", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/08e861ce-ced5-4ea9-8cbc-af8028d5177e", "content": "", "creation_timestamp": "2020-10-09T14:19:10.000000Z"}, {"uuid": "b354d382-a804-43dd-be50-c31479d96278", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/0b0f374b-39b1-4229-891b-2defd31fe736", "content": "", "creation_timestamp": "2020-10-09T15:53:01.000000Z"}, {"uuid": "289b9cf7-4bdc-4d6e-9167-17829e3b6aa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/96e562e3-3d31-4ace-8dcc-593280420a99", "content": "", "creation_timestamp": 
"2020-10-09T15:23:34.000000Z"}, {"uuid": "e5bdf0e0-b7b7-4992-8b42-5ed94e45589e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/03b0cb58-41dc-4c53-9ae1-ea9291a3d4c7", "content": "", "creation_timestamp": "2020-10-09T17:07:09.000000Z"}, {"uuid": "90c98051-1d7a-496f-9d11-8e1c8f3b37ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/0cbad1e3-4b6d-413f-a234-8939127e7112", "content": "", "creation_timestamp": "2020-10-09T13:51:49.000000Z"}, {"uuid": "b227dcc9-b660-4378-92d6-6bfa03c75fe5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/7019f4eb-ac5b-491e-b14a-4b322c7c6cb0", "content": "", "creation_timestamp": "2020-10-09T17:12:23.000000Z"}, {"uuid": "98f53bd5-b714-4642-b3f3-8315d85a1327", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/db68256f-ce41-4497-86a1-c209f9a5035a", "content": "", "creation_timestamp": "2020-10-09T15:48:05.000000Z"}, {"uuid": "c09bc956-bc12-4ec3-8221-96cde45bb058", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/041ef968-10e6-42e4-90d0-979e27a602c2", "content": "", "creation_timestamp": "2020-10-09T15:21:09.000000Z"}, {"uuid": "afc7bd80-7506-4fdf-b872-7784630aa126", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": 
"MISP/7be1b70f-0f74-4e54-9a75-441653b92cab", "content": "", "creation_timestamp": "2020-10-09T16:16:48.000000Z"}, {"uuid": "6332bf29-dfce-49fb-9460-d72bf17c3bef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/b1c3e469-ece9-4bbb-8975-676e0fc60552", "content": "", "creation_timestamp": "2020-10-09T16:14:54.000000Z"}, {"uuid": "4a714cd1-9205-4c15-98fd-1a584a5abeb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/ea635c19-8b53-4526-bba7-0ae0e8530ac9", "content": "", "creation_timestamp": "2020-10-09T15:56:05.000000Z"}, {"uuid": "f4c2377f-1028-448b-bf42-f6cc5181c7c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/f1b31e3b-033e-4e0f-91b1-ac34f900a53f", "content": "", "creation_timestamp": "2020-10-09T14:10:16.000000Z"}, {"uuid": "6cd595e2-17f5-4dc0-a1af-6bce1d896d81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/21b8cf94-f9f1-467a-9b17-5328dd7dcdf3", "content": "", "creation_timestamp": "2020-10-09T16:35:58.000000Z"}, {"uuid": "081753ec-b733-4a32-ba83-70e3456e5d3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/88b33d4a-94d0-487b-9760-1070a6ce091d", "content": "", "creation_timestamp": "2020-10-09T15:22:03.000000Z"}, {"uuid": "79570b0b-9a93-49da-8e3b-eb94d08d33a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/73a746cd-9f07-49e6-842e-82fc9ea4625f", "content": "", "creation_timestamp": "2020-10-09T16:38:05.000000Z"}, {"uuid": "88bb7bdf-bd88-45a3-be26-bfdb56dc5978", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/99b48bc1-2bed-47b9-97a7-bf720e31f91d", "content": "", "creation_timestamp": "2020-10-09T14:09:49.000000Z"}, {"uuid": "65dbe09e-b902-49e1-99e4-8b04a0072647", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/bbcfe22e-7729-4a90-a0b6-10323fcaf75a", "content": "", "creation_timestamp": "2020-10-09T15:59:10.000000Z"}, {"uuid": "f3794e7a-7521-4a4b-b83f-442e47243460", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/7eea93d6-d22a-47bc-b549-07662fe7a68d", "content": "", "creation_timestamp": "2020-10-09T16:14:06.000000Z"}, {"uuid": "5be1c1e2-31a7-4dd2-b9be-5fe69f3e36fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/2cf17798-4dc4-480f-8ee6-b3fabaeb570d", "content": "", "creation_timestamp": "2020-10-09T14:33:23.000000Z"}, {"uuid": "6ffe7c77-d512-48d1-8a76-7e29cd6e1012", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/686724b9-8fa4-43ac-b20b-c2598629c6d4", "content": "", "creation_timestamp": "2020-10-09T15:49:27.000000Z"}, {"uuid": "58700a58-d62f-4f84-805f-2e82dd5c748f", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/c6bbcc2c-7ce4-4de9-bee7-051cc4574c58", "content": "", "creation_timestamp": "2020-10-09T15:48:55.000000Z"}, {"uuid": "84722d63-5150-42cb-9e8b-0064afbb1e83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/292c8ff0-f4d9-40b6-ac72-e44392d6cc31", "content": "", "creation_timestamp": "2020-10-09T16:31:53.000000Z"}, {"uuid": "88755f31-0390-4914-be3b-570986ff76b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/f1b590ae-f141-4547-9b92-7edcabe8fcae", "content": "", "creation_timestamp": "2020-10-09T16:31:49.000000Z"}, {"uuid": "8efdc38e-af1d-4401-8122-01f24c399e98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/0264baf8-cabb-4965-b54d-a793c07d93f8", "content": "", "creation_timestamp": "2020-10-09T16:01:47.000000Z"}, {"uuid": "ba3aa772-354d-4262-a5e5-27f2217de16c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/6df7f6a8-b3e4-4f13-a902-da3aa6a4b157", "content": "", "creation_timestamp": "2020-10-09T16:00:12.000000Z"}, {"uuid": "483f194a-98b8-4604-9d10-2ef447f56bcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/17b3de1e-f775-4518-b6ce-87c5b49a3eaa", "content": "", "creation_timestamp": 
"2020-10-09T17:15:38.000000Z"}, {"uuid": "a5b4b590-193c-42c7-9b4d-a23bd7a0753c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/3eece7fb-11c4-4dc8-b867-fbdbf63b4ebd", "content": "", "creation_timestamp": "2020-10-09T17:15:36.000000Z"}, {"uuid": "ce95112a-47e9-49ba-9ea4-506f6dbe994b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/803e25db-f6ef-4b81-8d64-8cc433d8e205", "content": "", "creation_timestamp": "2020-10-09T15:58:19.000000Z"}, {"uuid": "de22d452-8bdf-42aa-82a2-7e68e1d0de30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/3c5c6bf8-4c3d-48de-8eb3-49f0d290a01a", "content": "", "creation_timestamp": "2020-10-09T16:26:28.000000Z"}, {"uuid": "424bb1e3-7e3f-4043-93ed-5fc0f2787851", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/1980a496-40fa-44cd-afc4-c0ddabcd7d8d", "content": "", "creation_timestamp": "2020-10-09T16:41:25.000000Z"}, {"uuid": "bce87163-4a24-4021-b661-c60282ec3fbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/95fee874-878d-4481-8ad2-9fca8b472df2", "content": "", "creation_timestamp": "2020-10-09T15:04:48.000000Z"}, {"uuid": "1a277307-b956-425a-9e9d-0268db285aa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": 
"MISP/10387610-5211-4738-83c5-643e43c8e266", "content": "", "creation_timestamp": "2020-10-09T16:41:14.000000Z"}, {"uuid": "067ed97b-0069-45d7-b6b9-3c50d005b198", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/7ea48e81-db85-4da4-9cc0-7a43192e04de", "content": "", "creation_timestamp": "2020-10-09T16:21:59.000000Z"}, {"uuid": "8345b1d3-8a9b-4ad4-b573-068f79b41cb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/ae666a55-60a8-484e-8f9a-172fa9383af0", "content": "", "creation_timestamp": "2020-10-09T16:42:02.000000Z"}, {"uuid": "cc2f60f9-1bda-49e6-a9a8-0caa4f17035d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/2d64a81c-c54e-4e79-a40f-2087060216c8", "content": "", "creation_timestamp": "2020-10-09T17:16:22.000000Z"}, {"uuid": "5f4193f9-6b73-4123-9504-9fd3faeca135", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/e765eda5-d29b-40c3-93fb-8693afc6dc22", "content": "", "creation_timestamp": "2020-10-09T17:16:20.000000Z"}, {"uuid": "5cb0d619-8be3-49c2-9c92-ba99224c9546", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/95a79609-8f3c-4e02-92d0-bbb831100ab0", "content": "", "creation_timestamp": "2020-10-09T16:57:40.000000Z"}, {"uuid": "568bccbb-9fb0-4079-8bdf-21f9800151f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/588851f1-fa7d-4cdb-920a-7e75a12ae5a1", "content": "", "creation_timestamp": "2020-10-09T16:22:34.000000Z"}, {"uuid": "a7b8d453-4420-40fe-b920-74bf97ba0b29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/e96623d5-839c-4ab2-85d1-6ea13820aa47", "content": "", "creation_timestamp": "2020-10-09T17:13:01.000000Z"}, {"uuid": "a1b800c1-048c-47e6-af35-cc457626e306", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/5c445295-a3ae-4516-b22c-64ede15fa196", "content": "", "creation_timestamp": "2021-01-05T08:45:23.000000Z"}, {"uuid": "48351687-9ce7-48b9-becb-1f36af74eced", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/2556c694-e331-407e-b838-465645d3efdd", "content": "", "creation_timestamp": "2020-10-09T16:54:51.000000Z"}, {"uuid": "1d7ab2f5-87cc-497b-a87b-a662920fdc9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/63ddead6-4b82-414c-ad8e-c516b950b446", "content": "", "creation_timestamp": "2021-10-25T22:32:43.000000Z"}, {"uuid": "6e1c43d5-63b9-45fe-91e9-6672d14ae9a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/66a76374-5da8-4ff7-8113-64700a0a2864", "content": "", "creation_timestamp": "2024-07-29T09:51:25.000000Z"}, {"uuid": "78037d27-7a20-4974-8d2c-a170b18114cc", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/ae102ba0-f797-4201-b557-0fb163a9e03f", "content": "", "creation_timestamp": "2024-09-12T14:37:09.000000Z"}, {"uuid": "e5b794b9-6eca-4ad3-a857-20c26539eda5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/3c9fa790-f4b2-44e5-bd3c-593bd7113bef", "content": "", "creation_timestamp": "2024-02-28T11:10:03.000000Z"}, {"uuid": "447c696a-e0ac-4a55-859a-994bcfb70ed1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113584080222922612", "content": "", "creation_timestamp": "2024-12-02T16:05:21.795133Z"}, {"uuid": "f71346b9-9178-4149-a62e-4251ce8026af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://www.exploit-db.com/exploits/41934", "content": "", "creation_timestamp": "2017-04-25T00:00:00.000000Z"}, {"uuid": "6605ba97-c26d-4160-afba-6b56dbb5e71a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2970992", "content": "", "creation_timestamp": "2024-12-24T20:22:46.108274Z"}, {"uuid": "e64eae85-ef7d-4340-8050-73fe52331f8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": 
"https://bsky.app/profile/malware-traffic-analysis.net/post/3lfh6pqaxls24", "content": "", "creation_timestamp": "2025-01-11T07:29:22.847958Z"}, {"uuid": "7cb9f693-2140-410e-8da9-7509a07a1741", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://bsky.app/profile/malware-traffic-analysis.net/post/3lfh733udms24", "content": "", "creation_timestamp": "2025-01-11T07:35:43.668633Z"}, {"uuid": "d24926a4-a5fc-447f-9295-250d7c503fad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lfhnmxnw5y23", "content": "", "creation_timestamp": "2025-01-11T11:56:13.837181Z"}, {"uuid": "def70b11-b1a6-47fa-b9a2-588689bdcb0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://bsky.app/profile/tmjintel.bsky.social/post/3lfn4cdbhpl2m", "content": "", "creation_timestamp": "2025-01-13T16:02:01.618237Z"}, {"uuid": "8ad00afb-de4e-4a14-bb3a-3c3d25ca0b2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "0e2cbca6-7d7a-437d-b2c5-fbbb24b63105", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:09:51.000000Z"}, {"uuid": "6ca42aff-edbf-4724-af26-e0130a32d5f7", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2017-0199", "type": "seen", "source": "https://infosec.exchange/users/k3ym0/statuses/114659974093386460", "content": "", "creation_timestamp": "2025-06-10T16:27:58.778700Z"}, {"uuid": "f8926539-592d-48c8-9fad-53fd34fd641e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-9d1c9d9f-675cdbc3d8f48478", "content": "", "creation_timestamp": "2025-03-01T00:19:16.460359Z"}, {"uuid": "c66edb36-aa3c-4817-a1b6-9df112225f62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/eaf683f7-dcd0-4e0e-8170-317e2b3863f6", "content": "", "creation_timestamp": "2025-02-22T20:59:27.000000Z"}, {"uuid": "0dd0a8c5-982e-42f7-8c18-e1d18f59d6df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:39.000000Z"}, {"uuid": "798a318a-c1fe-46dd-9499-0f3fda4f5add", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114177834211479036", "content": "", "creation_timestamp": "2025-03-17T12:44:48.469508Z"}, {"uuid": "514f8420-1bca-4b6e-be9e-4794e4f384c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": 
"MISP/f2f8e507-f238-4713-9f27-cff06453335e", "content": "", "creation_timestamp": "2025-07-01T09:52:54.000000Z"}, {"uuid": "949b6d1c-5e2a-41e3-91cc-c47df4305348", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/a491671f-55fb-4909-8604-7f7d0b8ff92d", "content": "", "creation_timestamp": "2025-05-30T22:36:10.000000Z"}, {"uuid": "9d10efcc-5054-4d26-a0dd-8c347cc1726d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lr5hddl5pb2d", "content": "", "creation_timestamp": "2025-06-09T03:39:10.547671Z"}, {"uuid": "bbf4210f-06d4-4c88-a54c-d2579b39d4b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://threatintel.cc/2025/09/17/revengehotels-a-new-wave-of.html", "content": "", "creation_timestamp": "2025-09-17T09:17:56.000000Z"}, {"uuid": "ca2d2755-2dd6-4ec3-8515-ea0b1c1db710", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-50f1a5f6-768cfe71f5758dad", "content": "", "creation_timestamp": "2025-05-30T12:09:25.663603Z"}, {"uuid": "adc5455e-277b-46ec-9ee9-b4f2d058dba3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3lpovenznnd2f", "content": "", "creation_timestamp": "2025-05-21T15:15:20.286686Z"}, {"uuid": "5feafdf5-c4f3-462d-bfd1-c45d392bdd0c", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-5996e413-521accfb6cd2622e", "content": "", "creation_timestamp": "2025-08-27T14:01:54.867290Z"}, {"uuid": "62159178-a913-4d86-8244-7aa85ed61e46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2017-0199", "type": "seen", "source": "https://gist.github.com/jamisond123-del/ebf4a4e5ddb4376143b76d3d0b78133f", "content": "", "creation_timestamp": "2025-09-16T00:12:25.000000Z"}, {"uuid": "865ca5ce-9304-486e-8126-2072f1055433", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-be4c6ae6-41d04d89fb236f71", "content": "", "creation_timestamp": "2025-08-30T10:23:39.084804Z"}, {"uuid": "c6b4fee9-81dd-4c83-b194-1cc17ff98176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/30fbcc04-7a88-4766-981e-53bf1377d2ca", "content": "", "creation_timestamp": "2025-08-26T11:23:43.000000Z"}, {"uuid": "45d39932-9627-4415-8d77-4dcd63b4096c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:00:53.000000Z"}, {"uuid": "c68fb65f-f0fc-428a-a24d-e1d9df854701", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": 
"https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/office_word_hta.rb", "content": "", "creation_timestamp": "2018-05-29T15:50:33.000000Z"}, {"uuid": "6bf537a8-a210-48d1-8be0-80e8acb3ea70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/f2f8e507-f238-4713-9f27-cff06453335e", "content": "", "creation_timestamp": "2025-09-01T18:51:57.000000Z"}, {"uuid": "a11b704a-b5af-4644-8d7b-d6d65dca0aa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/3445a876-cced-4346-bf37-e276ba39cff4", "content": "", "creation_timestamp": "2025-09-02T18:30:14.000000Z"}, {"uuid": "baed91b1-086b-435c-bfb6-3bd21c1d78d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-1fdfda19-2805a58255f192e9", "content": "", "creation_timestamp": "2026-03-06T10:29:25.865814Z"}, {"uuid": "d6b2659d-9b0a-4278-bca0-046522f3a125", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-c39acbe0-91886c343547fcce", "content": "", "creation_timestamp": "2025-12-05T12:35:57.961922Z"}, {"uuid": "2315c5d7-7e53-419b-a6ab-8adbe93d290c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/a6b05d78-d447-4f28-a751-e3141f077dd2", "content": "", "creation_timestamp": 
"2026-02-02T12:28:54.689184Z"}, {"uuid": "cce1e71f-80da-4c1a-8ac4-76c4d0cfe478", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://gist.github.com/Rudi256/36dc9e64a9be769ff07308d6c3d0a813", "content": "", "creation_timestamp": "2026-03-06T11:21:18.000000Z"}, {"uuid": "ef9be4bc-a31b-403e-847c-29bf5a9ce71d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "MISP/e2a7af1d-bcfe-4708-8516-3090d4bd2533", "content": "", "creation_timestamp": "2025-12-31T22:47:04.000000Z"}, {"uuid": "456e1c5a-1145-4615-a938-14ae6721bf74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/BleepingComputer/1070", "content": "The Week in Ransomware - April 28th 2017 -\n\nWas a good week as not a lot of news when it comes to ransomware. Some more in-dev crap and nothing really new this week. The biggest news is that Cerber is now being distributed via MALSPAM that utilizes CVE-2017-0199\u00a0in the attached DOC files. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-28th-2017-/", "creation_timestamp": "2017-04-28T22:17:06.000000Z"}, {"uuid": "651cd64e-a64b-4b94-9025-9ad4f48c7225", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://t.me/true_secator/7978", "content": "Researchers at Kaspersky Lab state in their new report that the fourth quarter of 2025 was one of the busiest for disclosures of high-profile critical vulnerabilities found in popular libraries and applications.\n\nAnalyzing trends in the practical exploitation of vulnerabilities, Kaspersky noted that Linux has become too popular in this respect. The last quarter of the year accounted for more than half of the year's total attacks using Linux exploits.\u00a0\n\nThe primary reason for this surge was the rapidly growing number of user devices running Linux.\n\nAs usual, the picture also differs greatly between targeted and broad-based attacks. In both cases the dynamics are significant.\n\nIn indiscriminate attacks:\n- the main targets are old Linux flaws, as users do not update: the Dirty Pipe vulnerability, vulnerabilities in Netfilter (CVE-2022-0847, CVE-2019-13272, CVE-2021-22555, CVE-2023-32233);\n- for Windows, exploitation rates fell to their lowest level in 2025 but still exceed those of early 2024; the outdated CVE-2017-11882 and CVE-2018-0802 in the Equation Editor component of Microsoft Office and CVE-2017-0199 in Microsoft Office and WordPad also dominate.\n\nIn both targeted and mass attacks, bugs in archivers come under attack far more actively. In 2025 attackers used vulnerabilities in WinRAR (CVE-2023-38831, CVE-2025-6218 and -8088) and 7-Zip (CVE-2025-11001).\n\nFor targeted attacks:\n- mostly fresh flaws from the last six months are exploited;\n- exploitation of React4shell dominates by a huge margin; the top three also include CVE-2025-61882 in Oracle E-Business Suite and CVE-2025-8088 in WinRAR;\n- many CVEs will probably remain in the ranking for a long time, as fixing them requires serious structural changes in the vulnerable applications and the user's system;\n- after exploiting a vulnerability, attackers most often deploy implants based on the Silver, Mythic, Havoc and Metasploit tools.\n\nDetailed infographics, statistics and an analysis of the most notable vulnerabilities are in the Kaspersky report.", "creation_timestamp": "2026-03-10T15:26:05.000000Z"}, {"uuid": "fba2ac79-53f8-4c80-92c4-12828031791d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": 
"exploited", "source": "https://t.me/webamoozir/1701", "content": "Chinese spies exploit a zero-day vulnerability in Microsoft\n@webamoozir\nSecurity researchers at Proofpoint have reported that a Chinese hacking group exploited a zero-day vulnerability in Microsoft, which had also recently been patched, and attacked companies active in the financial sector. The researchers believe that the hacking group TA459 has been active since at least 2013, conducts its destructive operations from inside China, and apparently uses malware such as NetTraveler, PlugX, Saker, Netbot, DarkStRat and ZeroT in its attacks on Russia and other neighboring countries. These researchers were recently able to identify the group's attacks on military and aerospace organizations in Russia and Belarus. On April 20 the researchers also identified an espionage campaign that had attacked financial institutions in Russia and neighboring countries. The researchers think this campaign is similar to the espionage campaign launched in 2015. In its attacks, this hacking group sends victims phishing emails with a malicious Microsoft Word file attached in order to exploit a vulnerability with the identifier CVE-2017-0199, which is a remote code execution vulnerability. The attackers began exploiting this vulnerability just a few days after Microsoft released a patch for it.\n\nSource: http://www.securityweek.com", "creation_timestamp": "2017-05-03T19:15:03.000000Z"}, {"uuid": "e789cf96-7bb2-4fe9-a630-1dcab1548fc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/7436", "content": "Researchers at Kaspersky Lab have uncovered a new wave of RevengeHotels attacks using LLMs and VenomRAT, a private version of the open-source QuasarRAT.\n\nThe group, also known as TA558, has been active since 2015 and steals credit card data from hotel guests and travelers.\n\nIts main method is sending emails with phishing links that redirect victims to websites that imitate document storage and download script files to infect the target computers.\n\nUltimately, the malicious payload includes various RATs that allow the attackers to control compromised systems, steal confidential data and carry out other malicious actions.\n\nIn previous campaigns\u00a0the group used malicious emails with attached Word, Excel or PDF documents.\n\nSome of them exploited the vulnerability\u00a0CVE-2017-0199, downloading VBS or PowerShell scripts to install modified versions of various RAT families such as RevengeRAT, NanoCoreRAT, NjRAT, 888 RAT, and the ProCC malware.\n\nThese campaigns affected hotels in many Latin American countries, including Brazil, Argentina, Chile and Mexico, as well as guest registration and service desks around the world, especially in Russia, Belarus, Turkey and other countries.\n\nLater RevengeHotels expanded its arsenal by adding XWorm, a RAT with commands for control, data theft and persistence, among others.\n\nWhile investigating the XWorm distribution campaign, Kaspersky researchers found reliable indications that RevengeHotels also used the RAT tool DesckVBRAT in its operations.\n\nIn the summer of 2025 Kaspersky observed new campaigns targeting the same sector with increasingly sophisticated implants and tools.\n\nThe attackers continue to use phishing emails with invoice themes to deliver VenomRAT implants via JavaScript and PowerShell loaders.\n\nA significant part of the malware and loader source code in this campaign appears to have been generated by LLM agents. 
So attackers are now actively using AI to improve their capabilities.\n\nThe main targets of the new attacks are the Brazilian hospitality sector, but they may also include targets in Spanish-speaking countries or regions.\n\nThrough comprehensive analysis of the attack patterns and the attacker's TTPs, Kaspersky researchers established with a high degree of confidence that the party responsible for 
them is indeed RevengeHotels.\n\nOverall, the researchers note, LLM agents enabled the group to create and modify phishing lures, expanding its attacks to new regions.\n\nAnd while the websites used for these attacks and the initial payload change constantly, the end goal remains the same: deploying a RAT.\n\nThe technical breakdown of the attacks and tooling, as well as IOCs, is in 
the report.", "creation_timestamp": "2025-09-18T12:50:06.000000Z"}, {"uuid": "ac0b205c-a139-4a70-8541-4e16473a202c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/HackingInsights/12989", "content": "\u200aFileless Remcos RAT Campaign Leverages CVE-2017-0199 Flaw\n\nhttps://securityonline.info/fileless-remcos-rat-campaign-leverages-cve-2017-0199-flaw/", "creation_timestamp": "2024-09-14T02:49:30.000000Z"}, {"uuid": "d54304e0-3ae9-4675-9d13-f7aeff3c7298", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://t.me/itsec_news/4881", "content": "\u200b\u26a1\ufe0f9 plugins of chaos: SmokeLoader tears down business defenses\n\n\ud83d\udcac In September 2024, FortiGuard Labs researchers identified an attack using the SmokeLoader malware against companies in Taiwan. 
Organizations in manufacturing, healthcare, IT and other industries were hit. SmokeLoader is known for its flexibility: it can download additional malware or carry out complex attacks itself thanks to its modular structure.\n\nThe attack began with phishing emails. The attackers sent messages with an attached file that they passed off as a commercial offer. 
The emails looked plausible, using local expressions, but showed signs of mass mailing: the same recipient name in different emails and differences in the formatting of the signature and contact information.\n\nTwo Microsoft Office vulnerabilities were used for infection. The first, CVE-2017-0199 (CVSS score: 7.8), allowed a malicious file to be downloaded automatically when the document was opened. 
The second, CVE-2017-11882 (CVSS score: 7.8), allowed attackers to run code on the victim's computer through the built-in equation editor. The combination of these flaws made the attack effective and hard to detect.\n\nThe next stage of the attack involved HTA files with encoded scripts that decrypted commands and launched PowerShell to download a new malicious component, AndeLoader. 
This loader decrypted data encoded in an image and extracted the main malicious module.\n\nSmokeLoader used 9 different plugins to perform its tasks. Among them were modules that stole passwords and data from browsers, email clients and FTP programs. 
For example, one of the plugins intercepted keystrokes (keylogging) and clipboard data, while another deleted browser cookies to force the user to re-enter passwords. The plugins also collected data from Firefox, Chrome, Outlook, Thunderbird and FileZilla and sent it to the attackers' server.\n\nEach plugin was configured to perform specific tasks. 
Some modules were specially adapted to work with browsers, deleting data or adding hooks to collect information. A particular danger was the program's ability to maintain its presence on the infected device. 
One of the modules started automatically when the computer was turned on, giving the hackers persistent access.\n\nAnalysts emphasize that SmokeLoader is a sophisticated tool that can adapt to different attack scenarios. In this case, the malware showed how modules can be more effective than ready-made viruses. 
To protect against such threats, Fortinet advises updating security systems, using antivirus software and training employees to recognize phishing attacks in time.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-12-03T19:09:55.000000Z"}, {"uuid": "4b07ff88-7cc9-43a5-a443-3910c9b62b34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://t.me/kasperskyb2b/2103", "content": "\u2755 Trends in real-world vulnerability exploitation: Linux has become too popular \n\nKaspersky Lab experts analyzed the vulnerabilities 
that were used in real cyberattacks in Q4 2025. As usual, the picture differs greatly between targeted and broad attacks, but neither is dull. \n\nIndiscriminate attacks:\n\ud83d\udfe3 an astronomical rise in exploitation on the *nix OS family: half of all attacks in 2025 occurred in Q4. 
This is driven not only by attacks on servers but also by the growing popularity of Linux on desktops;\n\ud83d\udfe3 mostly ancient Linux flaws are being attacked, as users do not update: the Dirty Pipe vulnerability and vulnerabilities in Netfilter. These are CVE-2022-0847, CVE-2019-13272, CVE-2021-22555, CVE-2023-32233;\n\ud83d\udfe3 for Windows, exploitation rates fell to their lowest level of 2025, but they still exceed those of early 2024;\n\ud83d\udfe3 ancient vulnerabilities dominate here too: CVE-2017-11882 and CVE-2018-0802 in the Equation Editor component of the 
Microsoft Office suite, and CVE-2017-0199 in Microsoft Office and WordPad.\n\nIn both targeted and mass attacks, flaws in archivers are being targeted much more actively. In 2025, attackers used vulnerabilities in WinRAR (CVE-2023-38831, CVE-2025-6218 and -8088) and 7-Zip (CVE-2025-11001).\n\nTargeted attacks:\n\ud83d\udfe3 mostly exploit fresh flaws from the last six months;\n\ud83d\udfe3 exploitation of React4shell dominates by a huge margin, and the top three also includes CVE-2025-61882 in Oracle E-Business Suite and CVE-2025-8088 in WinRAR;\n\ud83d\udfe3 many CVEs will probably stay in the 
charts for a long time, since fixing them requires serious structural changes in the vulnerable applications and the user's system;\n\ud83d\udfe3 after exploiting a vulnerability, attackers most often deploy implants based on the Silver, Mythic, Havoc and Metasploit tools.\n\n\ud83d\udccc The full report on Securelist examines these trends in more detail, shows the links between specific attack tools and popular vulnerabilities, 
and describes the most notable and important vulnerabilities of 2025. \n\n#\u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430 #\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2026-03-10T14:02:31.000000Z"}, {"uuid": "7f4c7e4a-be3d-4a17-ab4c-c08955be1332", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/S_E_Reborn/5910", "content": "Researchers from Kaspersky Lab reveal a new wave of RevengeHotels attacks using LLMs and VenomRAT, a private version of the open-source QuasarRAT.\n\nThe group, also known as TA558, has been active since 2015 and steals credit card data 
from hotel guests and travelers.\n\nIts main method of operation is sending emails with phishing links that redirect victims to websites imitating document storage and downloading script files to infect the targeted computers.\n\nUltimately, the malicious payload includes various RATs that allow attackers to 
control compromised systems, steal confidential data, and perform other malicious actions.\n\nIn previous campaigns, the group used malicious emails with attached Word, Excel or PDF documents.\n\nSome of them exploited the CVE-2017-0199 vulnerability, downloading VBS or PowerShell scripts to install modified versions of various RAT families, such as 
RevengeRAT, NanoCoreRAT, NjRAT, 888 RAT, and the ProCC malware.\n\nThese campaigns affected hotels in many Latin American countries, including Brazil, Argentina, Chile and Mexico, as well as guest registration and service desks worldwide, especially in Russia, Belarus, Turkey and other countries.\n\nLater, RevengeHotels expanded its arsenal by adding XWorm - a RAT with commands for control, data theft and persistence, among other things.\n\n\u0412 \u0445\u043e\u0434\u0435 
\u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u043f\u043e \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e XWorm \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u041b\u041a \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u044b\u0435 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u0438 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e RevengeHotels \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 RAT-\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 DesckVBRAT \u0432 \u0441\u0432\u043e\u0438\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u044f\u0445.\n\n\u041b\u0435\u0442\u043e\u043c 2025 \u0433\u043e\u0434\u0430 \u0432 \u043f\u043e\u043b\u0435 \u0437\u0440\u0435\u043d\u0438\u044f \u041b\u041a \u043f\u043e\u043f\u0430\u043b\u0438 \u043d\u043e\u0432\u044b\u0435 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u043d\u0430 \u0442\u043e\u0442 \u0436\u0435 \u0441\u0435\u043a\u0442\u043e\u0440 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0432\u0441\u0451 \u0431\u043e\u043b\u0435\u0435 \u0441\u043b\u043e\u0436\u043d\u044b\u0445 \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u043e\u0432 \u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0435 \u043f\u0438\u0441\u044c\u043c\u0430 \u0441 \u0442\u0435\u043c\u0430\u043c\u0438 \u0441\u0447\u0435\u0442\u043e\u0432-\u0444\u0430\u043a\u0442\u0443\u0440 
\u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u043e\u0432 VenomRAT \u0447\u0435\u0440\u0435\u0437 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0438 JavaScript \u0438 PowerShell.\n\n\u0417\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u0447\u0430\u0441\u0442\u044c \u0438\u0441\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u0430 \u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 \u0432 \u044d\u0442\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u043f\u043e-\u0432\u0438\u0434\u0438\u043c\u043e\u043c\u0443, \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0430 LLM-\u0430\u0433\u0435\u043d\u0442\u0430\u043c\u0438. \u0422\u0430\u043a \u0447\u0442\u043e  \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0442\u0435\u043f\u0435\u0440\u044c \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0418\u0418 \u0434\u043b\u044f \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0432\u043e\u0438\u0445 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0435\u0439.\n\n\u041e\u0441\u043d\u043e\u0432\u043d\u044b\u043c\u0438 \u0446\u0435\u043b\u044f\u043c\u0438 \u043d\u043e\u0432\u044b\u0445 \u0430\u0442\u0430\u043a \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0431\u0440\u0430\u0437\u0438\u043b\u044c\u0441\u043a\u0438\u0439 \u0433\u043e\u0441\u0442\u0438\u043d\u0438\u043d\u0438\u0447\u043d\u044b\u0439 \u0441\u0435\u043a\u0442\u043e\u0440, \u043d\u043e \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u0435\u0442 \u0432\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u0446\u0435\u043b\u0438 \u0432 \u0438\u0441\u043f\u0430\u043d\u043e\u044f\u0437\u044b\u0447\u043d\u044b\u0445 
\u0441\u0442\u0440\u0430\u043d\u0430\u0445 \u0438\u043b\u0438 \u0440\u0435\u0433\u0438\u043e\u043d\u0430\u0445.\n\n\u0411\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0432\u0441\u0435\u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0435\u043c\u0443 \u0430\u043d\u0430\u043b\u0438\u0437\u0443 \u0441\u0445\u0435\u043c \u0430\u0442\u0430\u043a \u0438 TTPs \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u041b\u041a \u0441 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u044c\u044e \u0443\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b\u0438, \u0447\u0442\u043e \u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u043c \u0437\u0430 \u043d\u0438\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f RevengeHotels.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c, \u043a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0430\u0433\u0435\u043d\u0442\u043e\u0432 LLM \u0433\u0440\u0443\u043f\u043f\u0430 \u0441\u043c\u043e\u0433\u043b\u0430 \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u0438 \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0435 \u043f\u0440\u0438\u043c\u0430\u043d\u043a\u0438, \u0440\u0430\u0441\u0448\u0438\u0440\u044f\u044f \u0441\u0432\u043e\u0438 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u043d\u043e\u0432\u044b\u0435 \u0440\u0435\u0433\u0438\u043e\u043d\u044b.\n\n\u0418, \u0435\u0441\u043b\u0438 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u044b, 
\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 \u0434\u043b\u044f \u044d\u0442\u0438\u0445 \u0430\u0442\u0430\u043a, \u0438 \u043d\u0430\u0447\u0430\u043b\u044c\u043d\u0430\u044f \u043f\u043e\u043b\u0435\u0437\u043d\u0430\u044f \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0430 \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e \u043c\u0435\u043d\u044f\u044e\u0442\u0441\u044f, \u0442\u043e \u043a\u043e\u043d\u0435\u0447\u043d\u0430\u044f \u0446\u0435\u043b\u044c \u043e\u0441\u0442\u0430\u0451\u0442\u0441\u044f \u043f\u0440\u0435\u0436\u043d\u0435\u0439: \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 RAT.\n\n\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0440\u0430\u0437\u0431\u043e\u0440 \u0430\u0442\u0430\u043a \u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u044f, \u0430 \u0442\u0430\u043a\u0436\u0435 IOCs - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2025-09-18T15:57:50.000000Z"}, {"uuid": "adf02a76-5dd1-4e2a-96e4-60e5432edc57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "published-proof-of-concept", "source": "https://t.me/ics_cert/693", "content": "\u06af\u0631\u0648\u0647 Group-IB APT \u0635\u0648\u0631\u062a\u06cc \u062a\u06cc\u0631\u0647 \u0631\u0627 \u06a9\u0634\u0641 \u06a9\u0631\u062f \u06a9\u0647 \u062f\u0631 \u062d\u0645\u0644\u0627\u062a \u0628\u0647 \u0633\u0627\u0632\u0645\u0627\u0646\u200c\u0647\u0627\u06cc \u062f\u0648\u0644\u062a\u06cc \u0648 \u062a\u0623\u0633\u06cc\u0633\u0627\u062a \u0646\u0638\u0627\u0645\u06cc \u062f\u0631 \u0645\u0646\u0637\u0642\u0647 \u0622\u0633\u06cc\u0627 \u0648 \u0627\u0642\u06cc\u0627\u0646\u0648\u0633\u06cc\u0647 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0628\u062f\u0627\u0641\u0632\u0627\u0631 \u0648\u06cc\u0698\u0647 \u0628\u0631\u0627\u06cc 
\u0633\u0631\u0642\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062f\u0633\u062a \u062f\u0627\u0634\u062a.\n\nART \u0642\u0628\u0644\u0627\u064b \u062a\u062d\u062a \u0631\u0627\u062f\u0627\u0631 \u0645\u062d\u0642\u0642\u0627\u0646 \u0686\u06cc\u0646\u06cc \u0627\u0632 \u0622\u0632\u0645\u0627\u06cc\u0634\u06af\u0627\u0647 \u0634\u06a9\u0627\u0631 Anheng \u0642\u0631\u0627\u0631 \u06af\u0631\u0641\u062a\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0627\u06cc\u0646 \u06af\u0631\u0648\u0647 \u0631\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06af\u0631\u0648\u0647 Saaiwc \u062f\u0646\u0628\u0627\u0644 \u0645\u06cc \u06a9\u0646\u0646\u062f. \u0627\u06cc\u0646 \u06af\u0632\u0627\u0631\u0634 \u0632\u0646\u062c\u06cc\u0631\u0647\u200c\u0627\u06cc \u0627\u0632 \u062d\u0645\u0644\u0627\u062a \u0631\u0627 \u062a\u0648\u0635\u06cc\u0641 \u0645\u06cc\u200c\u06a9\u0646\u062f \u06a9\u0647 \u06cc\u06a9\u06cc \u0627\u0632 \u0622\u0646\u0647\u0627 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06cc\u06a9 \u0627\u0644\u06af\u0648\u06cc \u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a \u0622\u0641\u06cc\u0633 \u0628\u0627 \u0645\u0627\u06a9\u0631\u0648\u0647\u0627\u06cc \u0645\u062e\u0631\u0628 \u0628\u0631\u0627\u06cc \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 CVE-2017-0199 \u0642\u062f\u06cc\u0645\u06cc \u0648 \u062e\u0637\u0631\u0646\u0627\u06a9 \u0627\u062c\u0631\u0627 \u0634\u062f\u0647 \u0627\u0633\u062a.\n\n\u06af\u0631\u0648\u0647 Group-IB \u0627\u0634\u0627\u0631\u0647 \u06a9\u0631\u062f \u06a9\u0647 Dark Pink \u062f\u0627\u0631\u0627\u06cc TTP \u0647\u0627\u06cc \u0645\u0646\u062d\u0635\u0631 \u0628\u0647 \u0641\u0631\u062f \u0627\u0633\u062a \u0648 \u06cc\u06a9 \u062c\u0639\u0628\u0647 \u0627\u0628\u0632\u0627\u0631 \u0633\u0641\u0627\u0631\u0634\u06cc \u06a9\u0647 \u062f\u0631 \u062d\u0645\u0644\u0627\u062a \u06cc\u0627\u0641\u062a \u0645\u06cc \u0634\u0648\u062f \u0645\u06cc 
\u062a\u0648\u0627\u0646\u062f \u0628\u0631\u0627\u06cc \u0633\u0631\u0642\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0648 \u062a\u0648\u0632\u06cc\u0639 \u0628\u062f\u0627\u0641\u0632\u0627\u0631 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u062f\u0631\u0627\u06cc\u0648\u0647\u0627\u06cc USB \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0634\u0648\u062f.\n\n\u0645\u0647\u0627\u062c\u0645 \u0627\u0632 \u0628\u0627\u0631\u06af\u0630\u0627\u0631\u06cc DLL \u0645\u0646\u062a\u0634\u0631\u0646\u0634\u062f\u0647 \u0648 \u0631\u0648\u0634\u200c\u0647\u0627\u06cc \u0631\u0627\u0647\u200c\u0627\u0646\u062f\u0627\u0632\u06cc \u0631\u0648\u06cc\u062f\u0627\u062f \u0628\u0631\u0627\u06cc \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0628\u0627\u0631\u0647\u0627\u06cc \u0631\u0648\u06cc \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0642\u0631\u0628\u0627\u0646\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u06a9\u0646\u062f.\n\n\u0647\u062f\u0641 \u0645\u0647\u0627\u062c\u0645 \u0633\u0631\u0642\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0627\u0632 \u0645\u0631\u0648\u0631\u06af\u0631\u0647\u0627\u060c \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u067e\u06cc\u0627\u0645\u200c\u0631\u0633\u0627\u0646\u200c\u0647\u0627\u06cc \u0641\u0648\u0631\u06cc\u060c \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0627\u0633\u0646\u0627\u062f \u0648 \u0631\u0647\u06af\u06cc\u0631\u06cc \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0635\u0648\u062a\u06cc \u0627\u0632 \u0645\u06cc\u06a9\u0631\u0648\u0641\u0648\u0646 \u062f\u0633\u062a\u06af\u0627\u0647 \u0622\u0644\u0648\u062f\u0647 \u0627\u0633\u062a.\n\n\u0628\u0647 \u06af\u0641\u062a\u0647 \u0645\u062d\u0642\u0642\u0627\u0646\u060c \u0627\u0632 \u0698\u0648\u0626\u0646 \u062a\u0627 \u062f\u0633\u0627\u0645\u0628\u0631 2022\u060c Dark Pink \u0645\u0648\u0641\u0642 \u0628\u0647 \u0627\u062c\u0631\u0627\u06cc \u062d\u062f\u0627\u0642\u0644 \u0647\u0641\u062a \u062d\u0645\u0644\u0647 
\u0645\u0648\u0641\u0642\u06cc\u062a \u0622\u0645\u06cc\u0632 \u0634\u062f\u0647 \u0627\u0633\u062a.\n\n\u06cc\u06a9 \u0646\u0645\u0648\u0646\u0647 \u0627\u0648\u0644\u06cc\u0647 \u062d\u0645\u0644\u0647\u060c \u0627\u06cc\u0645\u06cc\u0644\u200c\u0647\u0627\u06cc \u0641\u06cc\u0634\u06cc\u0646\u06af \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0627\u0633\u062a \u06a9\u0647 \u0642\u0631\u0628\u0627\u0646\u06cc \u0631\u0627 \u0641\u0631\u06cc\u0628 \u0645\u06cc\u200c\u062f\u0647\u062f \u062a\u0627 \u0641\u0627\u06cc\u0644 \u062a\u0635\u0648\u06cc\u0631\u06cc ISO \u0645\u062e\u0631\u0628 \u0631\u0627 \u062f\u0627\u0646\u0644\u0648\u062f \u06a9\u0646\u062f.\n\n\u0627\u0645\u0627 \u0627\u0646\u0648\u0627\u0639 \u062f\u06cc\u06af\u0631\u06cc \u0627\u0632 \u0632\u0646\u062c\u06cc\u0631\u0647 \u062d\u0645\u0644\u0627\u062a \u0646\u06cc\u0632 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0646\u062f. \u0628\u0647 \u0648\u06cc\u0698\u0647\u060c \u0628\u0627\u0632\u06cc\u06af\u0631 \u0647\u0645\u0686\u0646\u06cc\u0646 \u0627\u0632 \u06cc\u06a9 \u0641\u0627\u06cc\u0644 ISO \u0628\u0627 \u06cc\u06a9 \u0633\u0646\u062f \u0641\u0631\u06cc\u0628\u0646\u062f\u0647\u060c \u06cc\u06a9 \u0641\u0627\u06cc\u0644 \u0627\u062c\u0631\u0627\u06cc\u06cc \u0627\u0645\u0636\u0627 \u0634\u062f\u0647 \u0648 \u06cc\u06a9 DLL \u0645\u062e\u0631\u0628 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f \u06a9\u0647 \u0645\u0646\u062c\u0631 \u0628\u0647 \u0627\u0633\u062a\u0642\u0631\u0627\u0631 \u06cc\u06a9\u06cc \u0627\u0632 \u062f\u0648 \u062f\u0632\u062f \u0633\u0641\u0627\u0631\u0634\u06cc \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0628\u0627\u0631\u06af\u0630\u0627\u0631\u06cc \u062c\u0627\u0646\u0628\u06cc DLL \u0634\u062f.\n\nCucky \u0648 Ctealer \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631\u0647\u0627\u06cc \u0645\u062e\u0635\u0648\u0635 \u0633\u0631\u0642\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a 
\u0647\u0633\u062a\u0646\u062f \u06a9\u0647 \u0628\u0647 \u062a\u0631\u062a\u06cc\u0628 \u0628\u0627 \u062f\u0627\u062a \u0646\u062a \u0648 \u0633\u06cc \u067e\u0644\u0627\u0633 \u067e\u0644\u0627\u0633 \u0646\u0648\u0634\u062a\u0647 \u0634\u062f\u0647 \u0627\u0646\u062f \u0648 \u0628\u0627 \u0647\u062f\u0641 \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0631\u0645\u0632\u0647\u0627\u06cc \u0639\u0628\u0648\u0631\u060c \u062a\u0627\u0631\u06cc\u062e\u0686\u0647 \u0645\u0631\u0648\u0631\u060c \u0648\u0631\u0648\u062f \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645 \u0630\u062e\u06cc\u0631\u0647 \u0634\u062f\u0647 \u0648 \u06a9\u0648\u06a9\u06cc \u0647\u0627 \u0627\u0632 \u062a\u0645\u0627\u0645 \u0645\u0631\u0648\u0631\u06af\u0631\u0647\u0627\u06cc \u0648\u0628 \u0634\u0646\u0627\u062e\u062a\u0647 \u0634\u062f\u0647 \u0647\u0633\u062a\u0646\u062f.\n\n\u0645\u0631\u062d\u0644\u0647 \u0628\u0639\u062f\u06cc \u0628\u0627\u0632\u0646\u0634\u0627\u0646\u06cc \u0627\u06cc\u0645\u067e\u0644\u0646\u062a \u0631\u062c\u06cc\u0633\u062a\u0631\u06cc \u0628\u0647 \u0646\u0627\u0645 TelePowerBot \u0628\u0648\u062f \u06a9\u0647 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u06cc\u06a9 \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u062f\u0631 \u0647\u0646\u06af\u0627\u0645 \u0628\u0648\u062a \u0633\u06cc\u0633\u062a\u0645 \u0631\u0627\u0647 \u0627\u0646\u062f\u0627\u0632\u06cc \u0645\u06cc \u0634\u0648\u062f \u0648 \u0628\u0647 \u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645 \u0645\u062a\u0635\u0644 \u0645\u06cc \u0634\u0648\u062f \u0648 \u0627\u0632 \u0622\u0646\u062c\u0627 \u062f\u0633\u062a\u0648\u0631\u0627\u062a PowerShell \u0631\u0627 \u0628\u0631\u0627\u06cc \u0627\u062c\u0631\u0627 \u062f\u0631\u06cc\u0627\u0641\u062a \u0645\u06cc \u06a9\u0646\u062f.\n\n\u0628\u0647 \u0637\u0648\u0631 \u0645\u0639\u0645\u0648\u0644\u060c \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0628\u0647 \u0634\u0645\u0627 \u0627\u0645\u06a9\u0627\u0646 \u0645\u06cc \u062f\u0647\u0646\u062f 
\u0627\u0628\u0632\u0627\u0631\u0647\u0627\u06cc \u06a9\u0646\u0633\u0648\u0644 \u0633\u0627\u062f\u0647 \u06cc\u0627 \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a \u0647\u0627\u06cc \u067e\u06cc\u0686\u06cc\u062f\u0647 PowerShell \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u06cc\u062f \u06a9\u0647 \u0646\u0627\u0648\u0628\u0631\u06cc \u062c\u0627\u0646\u0628\u06cc \u0631\u0627 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u062f\u0631\u0627\u06cc\u0648\u0647\u0627\u06cc USB \u0642\u0627\u0628\u0644 \u062c\u0627\u0628\u062c\u0627\u06cc\u06cc \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc \u06a9\u0646\u062f.\n\n\u06af\u0632\u06cc\u0646\u0647 \u062f\u06cc\u06af\u0631 \u0634\u0627\u0645\u0644 \u06cc\u06a9 \u0633\u0646\u062f \u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a \u0622\u0641\u06cc\u0633 (.DOC) \u062f\u0631 \u062f\u0627\u062e\u0644 \u06cc\u06a9 \u0641\u0627\u06cc\u0644 ISO \u0628\u0648\u062f \u06a9\u0647 \u0648\u0642\u062a\u06cc \u0627\u0632 GitHub \u0628\u0627\u0632 \u0634\u062f\u060c \u06cc\u06a9 \u0627\u0644\u06af\u0648 \u0628\u0627 \u06cc\u06a9 \u0645\u0627\u06a9\u0631\u0648 \u0645\u062e\u0631\u0628 \u06a9\u0647 TelePowerBot \u0631\u0627 \u062f\u0627\u0646\u0644\u0648\u062f \u06a9\u0631\u062f\u0647 \u0648 \u062a\u063a\u06cc\u06cc\u0631\u0627\u062a\u06cc \u062f\u0631 \u0631\u062c\u06cc\u0633\u062a\u0631\u06cc \u0648\u06cc\u0646\u062f\u0648\u0632 \u0627\u06cc\u062c\u0627\u062f \u06a9\u0631\u062f\u060c \u0628\u0627\u0632\u06cc\u0627\u0628\u06cc \u06a9\u0631\u062f.\n\n\u0632\u0646\u062c\u06cc\u0631\u0647 \u0633\u0648\u0645 \u062d\u0645\u0644\u0627\u062a\u060c \u06a9\u0647 \u062f\u0631 \u062f\u0633\u0627\u0645\u0628\u0631 2022 \u0627\u0646\u062c\u0627\u0645 \u0634\u062f\u060c \u0645\u0634\u0627\u0628\u0647 \u0627\u0648\u0644\u06cc\u0646 \u0628\u0648\u062f. 
\u0628\u0627 \u0627\u06cc\u0646 \u062d\u0627\u0644\u060c \u0628\u0647 \u062c\u0627\u06cc TelePowerBot\u060c \u0628\u062f\u0627\u0641\u0632\u0627\u0631 \u0648\u06cc\u0698\u0647 \u062f\u06cc\u06af\u0631\u06cc \u0628\u0627\u0631\u06af\u0630\u0627\u0631\u06cc \u0634\u062f \u06a9\u0647 \u0645\u062d\u0642\u0642\u0627\u0646 \u0622\u0646 \u0631\u0627 KamiKakaBot \u0645\u06cc \u0646\u0627\u0645\u0646\u062f \u06a9\u0647 \u0628\u0631\u0627\u06cc \u0627\u062c\u0631\u0627\u06cc \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0637\u0631\u0627\u062d\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a.\n\nKamiKakaBot \u06cc\u06a9 \u0646\u0633\u062e\u0647 \u062f\u0627\u062a \u0646\u062a \u0627\u0632 TelePowerBot \u0627\u0633\u062a \u06a9\u0647 \u0642\u0627\u0628\u0644\u06cc\u062a \u0633\u0631\u0642\u062a \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0631\u0627 \u0646\u06cc\u0632 \u062f\u0627\u0631\u062f \u0648 \u062f\u0627\u062f\u0647 \u0647\u0627\u06cc \u0630\u062e\u06cc\u0631\u0647 \u0634\u062f\u0647 \u062f\u0631 \u0645\u0631\u0648\u0631\u06af\u0631\u0647\u0627\u06cc Chrome \u0648 Firefox \u0631\u0627 \u0647\u062f\u0641 \u0642\u0631\u0627\u0631 \u0645\u06cc \u062f\u0647\u062f.\n\n\u0639\u0644\u0627\u0648\u0647 \u0628\u0631 \u0627\u06cc\u0646\u060c Dark Pink \u0627\u0632 \u06cc\u06a9 \u0627\u0633\u06a9\u0631\u06cc\u067e\u062a\u06cc \u0646\u06cc\u0632 \u0628\u0631\u0627\u06cc \u0636\u0628\u0637 \u0635\u062f\u0627 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0645\u06cc\u06a9\u0631\u0648\u0641\u0648\u0646 \u062f\u0631 \u0641\u0627\u0635\u0644\u0647 \u0632\u0645\u0627\u0646\u06cc \u06cc\u06a9 \u062f\u0642\u06cc\u0642\u0647 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f. 
\u062f\u0627\u062f\u0647 \u0647\u0627 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u0622\u0631\u0634\u06cc\u0648 ZIP \u062f\u0631 \u06cc\u06a9 \u067e\u0648\u0634\u0647 \u0645\u0648\u0642\u062a \u0648\u06cc\u0646\u062f\u0648\u0632 \u0630\u062e\u06cc\u0631\u0647 \u0645\u06cc \u0634\u0648\u0646\u062f \u0648 \u0633\u067e\u0633 \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0631\u0628\u0627\u062a \u062a\u0644\u06af\u0631\u0627\u0645 \u0645\u0646\u062a\u0642\u0644 \u0645\u06cc \u0634\u0648\u0646\u062f.\n\n\u0639\u0644\u0627\u0648\u0647 \u0628\u0631 \u0627\u06cc\u0646\u060c \u0645\u0647\u0627\u062c\u0645 \u0627\u0632 \u0627\u0628\u0632\u0627\u0631 \u0648\u06cc\u0698\u0647 ZMsg \u0628\u0631\u0627\u06cc \u0627\u0633\u062a\u062e\u0631\u0627\u062c \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0627\u0632 \u067e\u06cc\u0627\u0645 \u0631\u0633\u0627\u0646 \u0647\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u06a9\u0646\u062f \u06a9\u0647 \u0645\u06a9\u0627\u062a\u0628\u0627\u062a Viber\u060c Telegram \u0648 Zalo \u0631\u0627 \u0645\u06cc \u062f\u0632\u062f\u062f.\n\n\u0646\u062a\u0627\u06cc\u062c \u062a\u062c\u0632\u06cc\u0647 \u0648 \u062a\u062d\u0644\u06cc\u0644 \u0641\u0639\u0627\u0644\u06cc\u062a Dark Pink \u0628\u0647 Group-IB \u0627\u062c\u0627\u0632\u0647 \u062f\u0627\u062f \u062a\u0627 \u0628\u0647 \u0627\u062d\u062a\u0645\u0627\u0644 \u0632\u06cc\u0627\u062f \u0645\u0648\u0641\u0642\u06cc\u062a \u0647\u0641\u062a \u062d\u0645\u0644\u0647 \u0631\u0627 \u0627\u0639\u0644\u0627\u0645 \u06a9\u0646\u062f\u060c \u0627\u0645\u0627 \u0645\u062d\u0642\u0642\u0627\u0646 \u0645\u0639\u062a\u0642\u062f\u0646\u062f \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0633\u06cc\u0627\u0631 \u0628\u06cc\u0634\u062a\u0631 \u0628\u0627\u0634\u062f.\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 
\u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", "creation_timestamp": "2023-01-27T19:02:57.000000Z"}, {"uuid": "ae2ba9c3-522f-4b9e-8fe7-f83ab8ccb2ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/BleepingComputer/999", "content": "Recent Microsoft 0-Day Used for Cyber-Espionage and Mundane Malware Distribution\n\nThe saga of CVE-2017-0199, a recently patched zero-day vulnerability affecting Microsoft Office and WordPad, just got a little stranger yesterday after cyber-security firm FireEye revealed the vulnerability was used by both cyber-criminals pushing mundane malware, and also by state-sponsored cyber-espionage groups. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/recent-microsoft-0-day-used-for-cyber-espionage-and-mundane-malware-distribution/", "creation_timestamp": "2017-04-13T12:02:35.000000Z"}, {"uuid": "d60bca7e-b235-4de7-87b9-40e820ee876a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://t.me/true_secator/7370", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0433\u043e\u0442\u043e\u0432\u0438\u0442\u044c \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0443 \u043f\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0439 \u043e\u0442\u0447\u0435\u0442 \u0437\u0430 2 \u043a\u0432\u0430\u0440\u0442\u0430\u043b 2025 \u0433\u043e\u0434\u0430.\n\n\u0420\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0432\u043e \u0432\u0442\u043e\u0440\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430 \u043e\u043a\u0430\u0437\u0430\u043b\u0430\u0441\u044c \u0432\u0435\u0441\u044c\u043c\u0430 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u043d\u043e\u0439.\n\n\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0441\u0435\u0445 
\u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430: UEFI, \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432, \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0438 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439. \n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043d\u0430\u0448\u0435\u043c\u0443 \u0430\u043d\u0430\u043b\u0438\u0437\u0443, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438, \u043a\u0430\u043a \u0438 \u0432 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u043f\u0435\u0440\u0438\u043e\u0434\u044b,\u00a0\u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c.\n\n\u0412\u043e \u0432\u0442\u043e\u0440\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430, \u043a\u0430\u043a \u0438 \u043f\u0440\u0435\u0436\u0434\u0435, \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u043c\u0438 \u0430\u0442\u0430\u043a\u0430\u043c\u0438 \u0431\u044b\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 
\u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b Microsoft Office, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\nKaspersky solutions detected the largest number of exploits on the Windows platform for the following vulnerabilities: CVE-2018-0802 (RCE in the Equation Editor component), CVE-2017-11882 (another RCE in the Equation Editor), CVE-2017-0199 (a vulnerability in Microsoft Office and WordPad that allows an attacker to gain control of the system).\n\nThese are followed by equally popular vulnerabilities 
in WinRAR and exploits for stealing NetNTLM credentials in the Windows operating system: CVE-2023-38831 (a vulnerability in WinRAR), CVE-2025-24071 (a Windows File Explorer vulnerability) and CVE-2024-35250 (a vulnerability in ks.sys).\n\nFor the Linux operating system, exploits were most often recorded for the following vulnerabilities: CVE-2022-0847 (also known as Dirty Pipe), CVE-2019-13272 (an EoP vulnerability caused by improper handling of privilege inheritance) and CVE-2021-22555 (a heap overflow vulnerability in the kernel's 
Netfilter subsystem).\n\nIn the second quarter of 2025 we noted that the distribution of published exploits by software type continued last year's trends.\n\nIn addition, the report also describes known vulnerabilities used in popular C2 frameworks (Sliver, Metasploit, Havoc and Brute Ratel C4) in the first half of 2025.\n\nAfter studying open sources and analysing malicious samples of C2 agents, Kaspersky 
noted that the following vulnerabilities were used in APT attacks involving the C2 frameworks mentioned above:\n\n- CVE-2025-31324 in SAP NetWeaver Visual Composer Metadata Uploader: allows remote code execution and has a CVSS score of 10.0.\n\n- CVE-2024-1709 in ConnectWise ScreenConnect 23.9.7: can lead to authentication bypass, also has a CVSS score of 10.0.\n\n- CVE-2024-31839, an XSS vulnerability in the CHAOS v5.0.1 remote administration tool: leads to EoP.\n\n- CVE-2024-30850, an RCE vulnerability in CHAOS v5.0.1: allows authentication bypass.\n\n- CVE-2025-33053: 
a vulnerability caused by improper handling of working directory parameters for LNK files in Windows: leads to remote code execution.\n\nClear infographics, the quarterly TOP 10 vulnerabilities and a breakdown of the most significant issues published in the second quarter of 2025 are in the report.", "creation_timestamp": "2025-08-27T15:30:05.000000Z"}, {"uuid": "16dad2c4-dbcf-4abe-8b95-ccc0825c7da4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "published-proof-of-concept", "source": "https://t.me/Torchik_Rus/982", "content": "Exploitation of the CVE-2017-0199 vulnerability in Microsoft Word - https://blackdiver.net/it/security-it/4472", "creation_timestamp": 
"2017-06-11T04:32:43.000000Z"}, {"uuid": "285d2b0a-dc77-4425-a672-ba64bdc643b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://t.me/true_secator/7103", "content": "Kaspersky researchers keep bombarding us with reports; this time they have delivered analytics on exploits and vulnerabilities for the first quarter of 2025.\n\nIn the first quarter of 2025, vulnerabilities discovered and fixed in 2024 continued to be published, since some researchers had previously been unable to disclose 
the details.\n\nOverall, the quarter's figures show a fairly large number of registered vulnerabilities, while the dynamics of their registration largely repeat previous years.\n\nOverall, many CWEs from the TOP 10 for Microsoft software and the Linux kernel coincide or are similar, which means the vulnerabilities are based on similar principles, which often leads to the 'porting' of attack mechanisms 
from Linux to Windows and vice versa.\n\nIn the first quarter of 2025, the number of attacks using exploits for the Windows platform grew compared with the same period last year.\n\nAs before, the lion's share of detected exploits targeted Microsoft Office products.\n\nThe researchers note that their solutions most often detected Windows exploits for the following old vulnerabilities: CVE-2018-0802, CVE-2017-11882 (both RCE in Equation Editor), CVE-2017-0199 (Microsoft Office and WordPad).\n\nAll three remained 
the most widespread throughout 2024, and we expect this trend to continue.\n\nThey are followed by equally popular issues in WinRAR and in the Windows operating system itself: CVE-2023-38831 (WinRAR), CVE-2024-35250 (a ks.sys driver vulnerability) and CVE-2022-3699 (a Lenovo Diagnostics driver vulnerability).\n\nFor the Linux operating system, the most exploits were detected for the following vulnerabilities: CVE-2022-0847 (Dirty Pipe), CVE-2019-13272 (improper 
handling of privilege inheritance) and CVE-2021-3156 (a heap overflow in the sudo utility).\n\nIn the first quarter of 2025, operating systems, as the most complex software, continue to lead in the number of published exploits.\n\nIn addition, a steady growth in the number of browser exploits is being recorded; this trend also persisted throughout last year.\n\nThe share 
of exploits for vulnerabilities in Microsoft Office products also increased.\n\nHaving studied data on APT attacks, Kaspersky singled out the following as the most frequently used in the first quarter of 2025: CVE-2025-0282, CVE-2024-21887 and CVE-2025-0283 (Ivanti Connect Secure), CVE-2020-1472 (Netlogon Windows), CVE-2023-46805 (Ivanti ICS), CVE-2023-48788 (Fortinet) and others.\n\nNote that the well-known critical Zerologon vulnerability, which allows access to a domain controller, has returned to the TOP 10.\n\nAs the most interesting vulnerabilities published in the first 
quarter of 2025, Kaspersky researchers singled out:\n\n- ZDI-CAN-25373: a vulnerability that breaks the display of lnk file parameters in Windows;\n\n- CVE-2025-21333: a heap buffer overflow vulnerability in the vkrnlintvsp.sys driver;\n\n- CVE-2025-24071: a NetNTLM hash leak vulnerability in the file system indexer.\n\nDetailed statistics and infographics are in the report.", "creation_timestamp": "2025-06-04T18:00:07.000000Z"}, {"uuid": "f4826080-c5b3-4415-983b-c462a4555bf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://t.me/is_n3ws/34", "content": "The Recorded Future team combed through repositories and the dark web and 
compiled a list of the most frequently exploited vulnerabilities by year.\n\nCVE-2018-15982\nis a use-after-free in the Flash\u2019s file package com.adobe.tvsdk.mediacore.metadata that can be exploited to deliver and execute malicious code on a victim\u2019s computer. Exploit vector: rtf document with flash object.\n\nCVE-2018-8174\nWindows VBScript Engine Remote Code Execution Vulnerability. Exploit vector: An attacker could embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document.\n\nCVE-2017-11882\nVulnerability in an older version of the Office Equation Editor. Exploit vector: RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload.\n\nCVE-2018-4878\nFlash Player vulnerability. Exploit vector: The Excel file carrying an embedded SWF file with the exploit.\n\nCVE-2019-0752\nA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. Exploit vector: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that hosts the IE rendering engine.\n\nCVE-2017-0199\nMS Office zero-day vulnerability. 
Exploit vector: Microsoft Word RTF (Rich Text Format) document.\n\nCVE-2015-2419\nJScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"JScript9 Memory Corruption Vulnerability.\"\n\nCVE-2018-20250\nWinRAR vulnerability that allows attackers to extract a malicious executable to one of the Windows Startup folders to be executed every time the system is booted.\n\nCVE-2017-8750\nA remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. Exploit vector: An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers.\n\nCVE-2012-0158\nA buffer overflow vulnerability in the ListView / TreeView ActiveX controls in the MSCOMCTL.OCX library. The malicious code can be triggered by a specially crafted DOC or RTF file for MS Office versions 2003, 2007 and 2010.\n\nhttps://www.helpnetsecurity.com/2020/02/06/most-exploited-vulnerabilities-2019/", "creation_timestamp": "2020-02-07T07:05:41.000000Z"}, {"uuid": "c5776676-a314-4990-b15f-5e0504757f98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "published-proof-of-concept", "source": "Telegram/JyVCo-XBS-1P8WmwmxkSQbEXyOb2qHf5aAkCx5Iwow16GFGz", "content": "", "creation_timestamp": "2024-12-04T14:07:30.000000Z"}, {"uuid": "cdad9750-2be4-4489-9797-11650ad56fbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "published-proof-of-concept", "source": "https://t.me/BABATATASASA/5004", "content": "YouTube : https://youtu.be/8DeZ350YxM4\nForum : https://dragonforce.io/threads/0-day-exploit-cve-2017-0199-2023.15907/", "creation_timestamp": "2023-05-12T16:07:26.000000Z"}, 
{"uuid": "18b4a416-d0c3-4240-95f9-df17f0a7f255", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/BABATATASASA/7135", "content": "Beginner Guide to Classic Cryptography\nWiFi Exploitation with WifiPhisher\n4 Ways to Capture NTLM Hashes in Network\nPenetration Testing Lab Setup:Cloud Computing\nPenetration Testing Lab Setup: Memcached\nPenetration Testing Lab Setup: Microsocks\nPenetration Testing Lab Setup: Squid Proxy\nPost Exploitation in VMware Files with Meterpreter\nLab Setup for VOIP Penetration Testing\nUnderstanding Guide to ICMP Protocol with Wireshark\nTelnet Pivoting through Meterpreter\nSSH Pivoting using Meterpreter\nVNC Pivoting through Meterpreter\nVNC tunnelling over SSH\nFTP Pivoting through RDP\nRDP Pivoting with Metasploit\nFTP Penetration Testing on Windows (Port 21)\nFTP Penetration Testing in Ubuntu (Port 21)\nSSH Penetration Testing (Port 22)\nPenetration Testing on Telnet (Port 23)\nSMTP Pentest Lab Setup in Ubuntu (Port 25)\nNetBIOS and SMB Penetration Testing on Windows (Port 135-139,445)\nPenetration Testing on MYSQL (Port 3306)\nRemote Desktop Penetration Testing (Port 3389)\nMySQL Penetration Testing with Nmap\n4 ways to SMTP Enumeration\nHow to secure Ubuntu Server using Google Authenticator\n4 Ways to DNS Enumeration\nUnderstanding Log Analysis of Web Server\n3 ways to scan Eternal Blue Vulnerability in Remote PC\nBeginner Guide to Meterpreter (Part 1)\nBypass UAC Protection of Remote Windows 10 PC (Via FodHelper Registry Key)\nBypass Admin access through guest Account in windows 10\nHack Legal Notice Caption of Remote PC\nExploit Windows PC using EternalBlue SMB Remote Windows Kernel Pool Corruption\nCreate SSL Certified Meterpreter Payload using MPM\nEmbedded Backdoor with Image using FakeImageExploiter\nExploit Windows 10 PC with Microsoft RTF File (CVE-2017-0199)\nExploit Windows 7 
PC using Torrent File\nDump Cleartext Password in Linux PC using MimiPenguin\nStealing Windows Credentials of Remote PC with MS Office Document\nBypass Windows Login Password using Android Phone with DriveDroid\nHow to Delete Firewall Log in Remote PC using Metasploit\nHow to Enable and Monitor Firewall Log in Windows PC\nRun OS Command against Multiple Session in Metasploit\nHiding Shell with Prepend Migrate using Msfvenom\nCapture VNC Session of Remote PC using Msfvenom\nPenetration Testing in Metasploitable 3 with SMB and Tomcat\nExploitation of Metasploitable 3 using Glassfish Service\nManual Penetration Testing in Metasploitable 3\nHack Metasploitable 3 using Mysql Service Exploitation\nPerform DOS Attack on Metasploitable 3\nHack Metasploitable 3 using SMB Service Exploitation\nMetasploitable 3 Exploitation using Brute forcing SSH\nHack Metasploitable 3 using Elasticsearch Exploit\nFTP Service Exploitation in Metasploitable 3\nGet Meterpreter Session of Locked PC Remotely (Remote Desktop Enabled)\nHack Locked PC in Network using Metasploit\nHack ALL Linux Kernel using Dirtycow Exploit (Privilege Escalation)\nComprehensive Guide on Metasploitable 2\nFun with Metasploit Payloads\nHack Remote Windows PC using Office OLE Multiple DLL Hijack Vulnerabilities\nHow to Detect Meterpreter in Your PC\nPenetration Testing in Active Directory using Metasploit (Part 2)\nHack Remote Windows PC using DLL Files (SMB Delivery Exploit)\nHack Remote Windows 10 PC using TheFatRat\nFirewall Pentest Lab Setup with pfsense in VMware\nPenetration Testing in Windows Server Active Directory using Metasploit (Part 1)\nCapture VNC Session of Remote Windows PC by Payloads Injection\nHack Remote PC using Malicious MS Office Documents\nHack Remote Windows PC using Regsvr32.exe (.sct) Application Whitelisting Bypass Server\nWifi Penetration Testing using Gerix Wifi Cracker\nHack Remote PC using Microsoft Office Files (Macro Payloads)\nHack Locked Workstation Password in Clear Text\nHow to 
Detect Sniffer on Your Network\nHow to Create Botnet for D-Dos Attack with UFONet\nHack your Network through Android Phone using cSploit\nSetup Firewall Pentest Lab using Clear OS", "creation_timestamp": "2024-09-26T14:32:31.000000Z"}, {"uuid": "910e4898-7909-4b40-96c0-1bb33ba64ebc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/alexmakus/1226", "content": "Aha, and here is the vulnerability through which Petya.A is spreading https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199", "creation_timestamp": "2017-06-27T16:57:35.000000Z"}, {"uuid": "0fe2b850-51f2-4eaa-85ea-80c149c45308", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/alexmakus/1227", "content": "It looks like the new Petya.A variant doing the rounds today is a combination of CVE-2017-0199 (which I linked to above) and MS17-010 (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx, also known as ETERNALBLUE, used in Wcry as a result of 
the leak via ShadowBrokers). The universal advice: UPDATE, UPDATE, UPDATE!", "creation_timestamp": "2017-06-27T17:11:58.000000Z"}, {"uuid": "da622ed2-7d93-49e8-955e-f1b8a7fee9dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "Telegram/IjV0YtrTBT_EjDP9vpZar7Uxo2OuV2-kjU1JTV0Z6Vcp0bIi", "content": "", "creation_timestamp": "2025-02-14T10:03:10.000000Z"}, {"uuid": "7ef2e75a-5280-4aae-b236-208a9a98ed96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://t.me/Exploitationn/2412", "content": "0-day Exploit cve-2017-0199\n------------------------------------------\nMicrosoft Office RTF document \n\nTargeting > Windows 10\nBy: DIAZ aka Pendekar1337\n\nThread: Coming soon :)", "creation_timestamp": "2023-05-03T17:10:49.000000Z"}, {"uuid": "c842a41c-df87-438f-a8f4-8f16f74438a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://t.me/Exploitationn/531", "content": "0-day Exploit cve-2017-0199\n------------------------------------------\nMicrosoft Office RTF document \n\nTargeting > Windows 10\nBy: DIAZ aka Pendekar1337\n\nThread: Coming soon :)", "creation_timestamp": "2023-05-03T17:10:49.000000Z"}, {"uuid": "6dd29ddb-856f-48b1-8461-9737da522931", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "published-proof-of-concept", "source": "https://t.me/SynixCyberCrimeMy/503", "content": "YouTube : https://youtu.be/8DeZ350YxM4\nForum : https://dragonforce.io/threads/0-day-exploit-cve-2017-0199-2023.15907/", "creation_timestamp": "2023-05-18T16:08:58.000000Z"}, {"uuid": "fbe2e25c-69fb-4bad-bbd6-69c85f66fb1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://t.me/SynixCyberCrimeMy/487", "content": "0-day Exploit cve-2017-0199\n------------------------------------------\nMicrosoft Office RTF document \n\nTargeting > Windows 10\nBy: DIAZ aka Pendekar1337\n\nThread: Coming soon :)", "creation_timestamp": "2023-05-03T17:06:25.000000Z"}, {"uuid": "f9e1aecd-79f2-4b49-ac25-57422f637643", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/6034", "content": "Blackberry reveals new SideWinder infrastructure and TTPs as part of a campaign targeting ports and maritime facilities in the Indian Ocean and the Mediterranean Sea.\n\n\u0418\u043d\u0434\u0438\u0439\u0441\u043a\u0430\u044f SideWinder APT (Razor Tiger, Rattlesnake \u0438 
T-APT-04) \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 \u043f\u043e \u043a\u0440\u0430\u0439\u043d\u0435\u0439 \u043c\u0435\u0440\u0435 \u0441 2012 \u0438 \u0440\u0430\u043d\u0435\u0435 \u0431\u044b\u043b\u0430 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u0430 \u0432 \u043d\u0430\u043f\u0430\u0434\u0435\u043d\u0438\u044f\u0445 \u043d\u0430 \u0432\u043e\u0435\u043d\u043d\u044b\u0435, \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0438 \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u041f\u0430\u043a\u0438\u0441\u0442\u0430\u043d\u0430, \u0410\u0444\u0433\u0430\u043d\u0438\u0441\u0442\u0430\u043d\u0430, \u041a\u0438\u0442\u0430\u044f \u0438 \u041d\u0435\u043f\u0430\u043b\u0430.\n\n\u0414\u043e\u043c\u0435\u043d\u044b \u0438 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 \u0441 \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u043e\u0439 \u043f\u0435\u0440\u0432\u043e\u0433\u043e \u044d\u0442\u0430\u043f\u0430, \u043f\u043e\u0434\u0440\u0430\u0437\u0443\u043c\u0435\u0432\u0430\u044e\u0442 \u0442\u0430\u0440\u0433\u0435\u0442\u0438\u043d\u0433 \u043d\u0430 \u041f\u0430\u043a\u0438\u0441\u0442\u0430\u043d, \u0415\u0433\u0438\u043f\u0435\u0442 \u0438 \u0428\u0440\u0438-\u041b\u0430\u043d\u043a\u0443.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0441\u0443\u0431\u0434\u043e\u043c\u0435\u043d\u044b \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u044d\u0442\u0430\u043f\u0430, \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442 \u043d\u0430 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0442\u0430\u0440\u0433\u0435\u0442\u0438\u043d\u0433 \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0411\u0430\u043d\u0433\u043b\u0430\u0434\u0435\u0448, \u041c\u044c\u044f\u043d\u043c\u044b, 
\u041d\u0435\u043f\u0430\u043b\u0430 \u0438 \u041c\u0430\u043b\u044c\u0434\u0438\u0432.\n\n\u041e\u0441\u043d\u043e\u0432\u044b\u0432\u0430\u044f\u0441\u044c \u043d\u0430 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0445 \u043d\u0430\u0431\u043b\u044e\u0434\u0435\u043d\u0438\u044f\u0445, \u0446\u0435\u043b\u044c\u044e \u044d\u0442\u043e\u0439 \u043d\u043e\u0432\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 SideWinder, \u043f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0448\u043f\u0438\u043e\u043d\u0430\u0436 \u0438 \u0441\u0431\u043e\u0440 \u0440\u0430\u0437\u0432\u0435\u0434\u044b\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\nSideWinder \u0442\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u043c\u0435\u0442\u043e\u0434\u044b \u0446\u0435\u043b\u0435\u0432\u043e\u0433\u043e \u0444\u0438\u0448\u0438\u043d\u0433\u0430 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0438 \u0431\u043e\u043a\u043e\u0432\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 DLL, \u0447\u0442\u043e\u0431\u044b \u0438\u0437\u0431\u0435\u0436\u0430\u0442\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u0434\u043e\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0446\u0435\u043b\u0435\u0432\u044b\u0435 \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u044b.\n\n\u041e\u0431\u044b\u0447\u043d\u043e \u0436\u0435\u0440\u0442\u0432\u0430 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 \u0441 
\u043e\u0447\u0435\u043d\u044c \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u043d\u044b\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0435\u043c \u043d\u0430 VirusTotal \u0438 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0435\u0433\u043e, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u044d\u0442\u0430\u043f \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 \u043e\u0447\u0435\u043d\u044c \u0442\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043b\u0435\u043d, \u0447\u0442\u043e\u0431\u044b \u0432\u044b\u0434\u0430\u0442\u044c \u0435\u0433\u043e \u0437\u0430 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438, \u0443\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0439 \u0446\u0435\u043b\u0438.\n\n\u0412 \u043d\u043e\u0432\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u0444\u0430\u043b\u044c\u0441\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b \u0431\u044b\u043b\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043e\u0439 \u043f\u043e\u0440\u0442\u0430 \u0410\u043b\u0435\u043a\u0441\u0430\u043d\u0434\u0440\u0438\u044f \u0432 \u0421\u0440\u0435\u0434\u0438\u0437\u0435\u043c\u043d\u043e\u043c \u043c\u043e\u0440\u0435, \u0442\u0430\u043a\u0436\u0435 \u041f\u043e\u0440\u0442\u043e\u0432\u043e\u0435 
\u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 \u041a\u0440\u0430\u0441\u043d\u043e\u043c \u043c\u043e\u0440\u0435.\n\n\u0412\u0441\u0435 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0442\u0435\u0445\u043d\u0438\u043a\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0448\u0430\u0431\u043b\u043e\u043d\u0430 (CVE-2017-0199) \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0446\u0435\u043b\u0438.\n\n\u0422\u0435\u043b\u043e \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430, \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432 \u0432\u0438\u0434\u0435 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u043e\u0433\u043e \u043f\u0438\u0441\u044c\u043c\u0430, \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 URL \u0432 \u0432\u0438\u0434\u0435 \u043e\u0431\u044b\u0447\u043d\u043e\u0433\u043e \u0442\u0435\u043a\u0441\u0442\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432\u0435\u0434\u0435\u0442 \u043d\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0441\u0430\u0439\u0442, \u043e\u0442\u043a\u0443\u0434\u0430 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442\u0441\u044f \u0444\u0430\u0439\u043b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u044d\u0442\u0430\u043f\u0430.\n\n\u0414\u0430\u043b\u0435\u0435 \u0444\u0430\u0439\u043b \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 RTF \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442, 
\u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2017-11882. \u041e\u043d \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u0448\u0435\u043b\u043b\u043a\u043e\u0434, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u043b\u0435 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u044f \u0444\u0430\u0439\u043b\u0430.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u0432\u00a0\u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0435\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 SideWinder\u00a0\u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u041f\u041e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 JavaScript, \u0441\u043a\u0440\u044b\u0442\u044b\u0439 \u0432 \u0444\u0430\u0439\u043b\u0435 RTF.\n\n\u0426\u0435\u043b\u044c\u044e \u0448\u0435\u043b\u043b-\u043a\u043e\u0434\u0430 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0436\u0435\u0440\u0442\u0432\u044b, \u0447\u0442\u043e\u0431\u044b \u0443\u0432\u0438\u0434\u0435\u0442\u044c, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043b\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0439, \u0430 \u043d\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0440\u0435\u0434\u043e\u0439.\n\n\u041f\u043e\u0441\u043b\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430 \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u044b\u0432\u0430\u0435\u0442 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u043e\u0439 \u043a\u043e\u0434 JavaScript, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 
\u0433\u0440\u0443\u0437\u0438\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u044d\u0442\u0430\u043f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 - \u0442\u0430\u043a\u0436\u0435 \u043a\u043e\u0434\u043e\u043c JavaScript (\u043d\u043e \u0437\u0430\u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043e\u0431\u0440\u0430\u0437\u0446\u044b \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u044d\u0442\u0430\u043f\u0430 \u043d\u0435 \u0443\u0434\u0430\u043b\u043e\u0441\u044c).\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0439 \u0440\u0430\u0437\u0431\u043e\u0440 \u043f\u043e \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435 \u04212 \u0441 \u0433\u0435\u043e\u0442\u0430\u0440\u0433\u0435\u0442\u0438\u0440\u0432\u043e\u0430\u043d\u0438\u0435\u043c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0438\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2024-07-29T20:00:07.000000Z"}, {"uuid": "3fe8d3e2-b150-4bbf-971d-7c156f8301b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/true_secator/6124", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0443 \u043f\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c 
\u0437\u0430 \u0432\u0442\u043e\u0440\u043e\u0439 \u043a\u0432\u0430\u0440\u0442\u0430\u043b 2024 \u0433\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u043a\u0430\u0437\u0430\u043b\u0441\u044f \u043d\u0430\u0441\u044b\u0449\u0435\u043d\u043d\u044b\u043c \u0441 \u0442\u043e\u0447\u043a\u0438 \u0437\u0440\u0435\u043d\u0438\u044f \u043d\u043e\u0432\u044b\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0438 \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c.\n\n\u0412 \u043d\u043e\u0432\u043e\u043c \u043e\u0442\u0447\u0435\u0442\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0430 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0441\u0440\u0435\u0437\u044b \u043f\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c.\n\n\u041e\u0431\u0449\u0435\u0435 \u0447\u0438\u0441\u043b\u043e \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u0440\u0435\u0432\u044b\u0441\u0438\u043b\u043e 
\u043f\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0438 \u0437\u0430 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u0439 \u043f\u0435\u0440\u0438\u043e\u0434 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0435\u0433\u043e \u0433\u043e\u0434\u0430, \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044f \u0434\u0438\u043d\u0430\u043c\u0438\u043a\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0430.\n\n\u0414\u043e\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441 PoC \u0438 \u043e\u0442\u043d\u043e\u0441\u044f\u0449\u0438\u0445\u0441\u044f \u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c \u043d\u0435\u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0441\u043d\u0438\u0437\u0438\u043b\u0430\u0441\u044c \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e 2023 \u0433\u043e\u0434\u0430. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u043e \u0442\u0438\u043f\u0443 \u043f\u043e\u0434\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0435 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u043a\u043b\u0430\u0441\u0441\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043e\u0442\u0441\u0442\u043e\u044f\u0442\u0441\u044f \u043a \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c.\n\n\u0422\u0430\u043a\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438, \u0442\u0430\u043a \u043a\u0430\u043a \u043a \u0447\u0438\u0441\u043b\u0443 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 
\u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0441\u044f \u041f\u041e \u0441 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c: \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043e\u0431\u043c\u0435\u043d\u0430 \u0444\u0430\u0439\u043b\u0430\u043c\u0438, \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u0447\u0435\u0440\u0435\u0437 VPN, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u043c\u0438 \u0438 IoT-\u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c\u0438.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0434\u0430\u043d\u043d\u044b\u0445 \u0442\u0435\u043b\u0435\u043c\u0435\u0442\u0440\u0438\u0438 \u041b\u041a, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u0434\u043b\u044f Windows \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0440\u0430\u0441\u0442\u0438 \u0432 \u043f\u0435\u0440\u0432\u0443\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c \u0437\u0430 \u0441\u0447\u0435\u0442 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0445 \u0440\u0430\u0441\u0441\u044b\u043b\u043e\u043a \u0438 \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043f\u0443\u0442\u0435\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\u041a \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u043c 
\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u043e\u0442\u043d\u043e\u0441\u044f\u0442\u0441\u044f \u0442\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Microsoft Office (CVE-2018-0802, CVE-2017-11882\u00a0, CVE-2017-0199\u00a0 \u0438 CVE-2021-40444\u00a0).\n\n\u041d\u0430\u0431\u0438\u0440\u0430\u044e\u0449\u0430\u044f \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0441\u0442\u044c \u0432 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u043c \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0435 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 Linux \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u0440\u043e\u0441\u0442, \u043e\u0434\u043d\u0430\u043a\u043e \u0432 \u043f\u0440\u043e\u0442\u0438\u0432\u043e\u0432\u0435\u0441 Windows \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u044b \u043d\u0430 \u044f\u0434\u0440\u043e (CVE-2022-0847, CVE-2023-2640 \u0438 CVE-2021-4034), \u043f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u044f EoP.\n\n\u0422\u043e\u043f-10 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0445 \u0432 APT-\u0430\u0442\u0430\u043a\u0430\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0438\u0437\u043c\u0435\u043d\u0438\u043b\u0441\u044f \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u00a0\u043f\u0435\u0440\u0432\u043e\u0433\u043e 
\u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0430, \u043d\u043e \u0447\u0430\u0449\u0435 \u0432\u0441\u0435\u0433\u043e \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0432\u043e \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0435 \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0442\u0435\u0445 \u0436\u0435 \u0442\u0438\u043f\u043e\u0432: \u0441\u0435\u0440\u0432\u0438\u0441\u044b \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u043e\u0444\u0438\u0441\u043d\u044b\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f.\n\n\u0411\u043e\u043b\u044c\u0448\u043e\u0435 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0430\u0442\u0430\u043a\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c Bring You Own Vulnerable Driver (BYOVD). 
\u041f\u0440\u0438\u0447\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0434\u043e\u043b\u0436\u043d\u0430 \u0431\u044b\u0442\u044c \u0441\u0432\u0435\u0436\u0435\u0439, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441\u0430\u043c\u0438 \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u043d\u0435\u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u044b\u0435 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443.\n\n2023 \u0433\u043e\u0434 \u0441\u0442\u0430\u043b \u0441\u0430\u043c\u044b\u043c \u0431\u043e\u0433\u0430\u0442\u044b\u043c \u043d\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c BYOVD. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0437\u0430 \u043f\u0435\u0440\u0432\u0443\u044e \u043f\u043e\u043b\u043e\u0432\u0438\u043d\u0443 2024-\u0433\u043e \u0438\u0445 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0431\u043e\u043b\u044c\u0448\u0435, \u0447\u0435\u043c \u0437\u0430 2021 \u0438 2022 \u0433\u043e\u0434\u044b, \u0432\u043c\u0435\u0441\u0442\u0435 \u0432\u0437\u044f\u0442\u044b\u0435. 
\u0412\u0442\u043e\u0440\u043e\u0439 \u043a\u0432\u0430\u0440\u0442\u0430\u043b \u0442\u0430\u043a\u0436\u0435 \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0441\u044f \u0440\u043e\u0441\u0442\u043e\u043c \u043f\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f.\n\n\u041d\u0430\u0433\u043b\u044f\u0434\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0433\u0440\u0430\u0444\u0438\u043a\u0430 \u0438 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0432\u043e \u0432\u0442\u043e\u0440\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2024 \u0433\u043e\u0434\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u044b \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2024-08-22T19:40:05.000000Z"}, {"uuid": "a7d6058e-dd66-4a63-b172-fda096f599a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://t.me/true_secator/6507", "content": "Fortinet \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e SmokeLoader, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u0432 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u043e\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, 
\u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u043e\u0439 \u043d\u0430 \u0442\u0430\u0439\u0432\u0430\u043d\u044c\u0441\u043a\u0438\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0432 \u0441\u0444\u0435\u0440\u0435 IT, \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0441\u0442\u0432\u0430 \u0438 \u0437\u0434\u0440\u0430\u0432\u043e\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f.\n\nSmokeLoader \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u0437\u0430\u0441\u0432\u0435\u0442\u0438\u043b\u0441\u044f \u043d\u0430 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0438\u0445 \u0444\u043e\u0440\u0443\u043c\u0430\u0445 \u0435\u0449\u0435 \u0432 2011 \u0433\u043e\u0434\u0443, \u0445\u043e\u0440\u043e\u0448\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u0435\u043d \u0441\u0432\u043e\u0435\u0439 \u0443\u043d\u0438\u0432\u0435\u0440\u0441\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c\u044e \u0438 \u043f\u0435\u0440\u0435\u0434\u043e\u0432\u044b\u043c\u0438 \u043c\u0435\u0442\u043e\u0434\u0430\u043c\u0438 \u0443\u043a\u043b\u043e\u043d\u0435\u043d\u0438\u044f, \u0430 \u0435\u0433\u043e \u043c\u043e\u0434\u0443\u043b\u044c\u043d\u0430\u044f \u043a\u043e\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0435\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u0448\u0438\u0440\u043e\u043a\u0438\u0439 \u0441\u043f\u0435\u043a\u0442\u0440 \u0430\u0442\u0430\u043a: \u043e\u0442 \u043a\u0440\u0430\u0436\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043e \u043c\u0430\u0439\u043d\u0438\u043d\u0433\u0430 \u043a\u0440\u0438\u043f\u0442\u044b.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e SmokeLoader, \u0432 \u043f\u0435\u0440\u0432\u0443\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u0444\u0443\u043d\u043a\u0446\u0438\u044e \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 
\u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e, \u0432 \u0434\u0430\u043d\u043d\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043e\u043d \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u0441\u0430\u043c\u0443 \u0430\u0442\u0430\u043a\u0443, \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u044f \u043f\u043b\u0430\u0433\u0438\u043d\u044b \u0441\u043e \u0441\u0432\u043e\u0435\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u04212.\n\nSmokeLoader can detect analysis environments, generate fake network traffic and hide its code, evading detection and hindering analysis.\n\nThe operators of this malware strain keep developing it continuously, extending its functionality, introducing new features and applying 
obfuscation techniques to hinder analysis.\n\nSmokeLoader activity dropped significantly after Operation Endgame, launched by Europol in May 2024, which neutralized the infrastructure of IcedID, SystemBC, PikaBot, SmokeLoader, Bumblebee and TrickBot.\n\nAt that time about 1000 C2 domains associated with SmokeLoader were taken down, and more than 50,000 active infections were cleaned up remotely.\n\nNevertheless, the malware continues to be used by threat 
groups to distribute payloads through new C2 infrastructure.\n\nAccording to Zscaler, this is largely due to the numerous cracked versions available on the Internet.\n\nThe starting point of the attack chain discovered by FortiGuard Labs is a phishing email with a Microsoft Excel attachment which, when launched, exploits years-old security vulnerabilities (including CVE-2017-0199 and CVE-2017-11882) to install the Ande 
Loader, which is then used to deploy SmokeLoader on the compromised host.\n\nSmokeLoader consists of two components: a stager and a main module.\n\nThe purpose of the stager is to decrypt, unpack and inject the main module into the explorer.exe process. The main module, in turn, is responsible for establishing persistence, communicating with the C2 and processing commands.\n\nThe malware supports several plugins that can steal login data and FTP credentials, email 
addresses, cookies and other information from browsers, Outlook, Thunderbird, FileZilla and WinSCP.\n\nA technical breakdown of the entire infection chain, as well as IOCs, is in the report.", "creation_timestamp": "2024-12-04T18:30:05.000000Z"}, {"uuid": "5eff601b-522f-412f-9677-19b80fbf7155", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/true_secator/4699", "content": "Researchers from Kaspersky Lab continue to follow what is happening in crimeware, analyzing discovered malware samples and monitoring botnets and activity on underground forums.\n\nIn 
their report the researchers describe new samples of Emotet and of the DarkGate loader, as well as the latest campaign using the LokiBot stealer.\n\nIn June 2023 a malware developer well known on the darknet presented his new creation, DarkGate, on which he had spent more than 20,000 hours since 2017.\n\nThe new malicious loader has extended capabilities, the main ones including: 
a hidden VNC connection, Windows Defender bypass, theft of browser history and Discord tokens, a reverse proxy and a file manager.\n\nThe full infection chain consists of 4 stages: a VBS downloader, an AutoIT V3 script, shellcode and the DarkGate executor.\n\nThe DarkGate loader contains 17 global variables (Delphi TStringList) describing the main functions of the malware, which do not include downloading malware; a separate 
module is used for that.\n\nThe string encryption method is also of interest. Each string is encrypted with a unique key and a modified version of Base64 encoding (with its own character set).\n\nThe newly discovered LokiBot campaign (a stealer first discovered in 2016) involves phishing aimed at companies specializing in sea freight.\n\nVictims received an email 
purportedly from a business contact demanding payment of port fees. Attached to the email was an Excel document which, when opened, exploits CVE-2017-0199 instead of the expected macro activation.\n\nOn successful exploitation an RTF document is downloaded that exploits another vulnerability, CVE-2017-11882, which launches LokiBot; it collects credentials from various sources and sends them to the command server in POST requests 
compressed with the APLib library.\n\nIn the latest wave of the attacks that resumed after 2021, the Emotet operators used the popular infection vector of email campaigns with malicious OneNote files which, when opened, display an image with a view button.\n\nA subsequent click leads to the execution of a malicious obfuscated embedded VBS script, which fetches the payload (a DLL file) from several 
sites.\n\nThe decrypted payload is shellcode that performs standard import by hash. Two of the imported functions are LdrLoadDll and LdrGetProcedureAddress.\n\nAt the next stage the final payload, Emotet, is delivered; it does not differ from the one used in previous waves of attacks.\n\nAll the infection chains and the updated functionality of the 
malware, together with indicators of compromise, are presented in more detail in the report.", "creation_timestamp": "2023-08-07T17:27:46.000000Z"}, {"uuid": "a3391b58-4c43-4692-a638-66e8b20d029b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/3929", "content": "Group-IB has unmasked Dark Pink APT, which is behind attacks on government institutions and military facilities in the Asia-Pacific region using custom information-stealing malware.\n\nThe APT had earlier come to the attention of Chinese researchers from Anheng Hunting Labs, 
who track the group as Saaiwc Group. The report describes several attack chains, one of which relies on a Microsoft Office template with a malicious macro to exploit the old and dangerous CVE-2017-0199.\n\nGroup-IB noted that Dark Pink has distinctive TTPs, and that the custom toolset found in the attacks can be used to steal information and spread 
malware via USB drives.\n\nThe attacker uses unpublished DLL loading and event-triggered launch methods to extract payloads on victims' systems.\n\nThe attacker's goal is to steal information from browsers, gain access to messengers, exfiltrate documents and capture audio from the microphone of the infected device.\n\nThe researchers believe that in the 
period from June to December 2022 Dark Pink managed to carry out at least seven successful attacks.\n\nThe typical initial vector of Dark Pink attacks is phishing emails on a job-application theme that tricked the victim into downloading a malicious ISO image file.\n\nBut other variants of the attack chain were also identified. 
In particular, the actor also used an ISO file containing a decoy document, a signed executable and a malicious DLL, which led to the deployment of one of two custom stealers by means of DLL side-loading.\n\nCucky and Ctealer are custom information-stealing programs written in .NET and C++ respectively, aimed at extracting passwords, browsing history, saved logins and cookies from 
all known web browsers.\n\nAt the next stage a registry implant called TelePowerBot was dropped; it is launched via a script at system boot and connects to a Telegram channel, from which it receives PowerShell commands to execute.\n\nAs a rule, the commands make it possible to run simple console tools or complex PowerShell scripts that provide lateral movement via removable 
USB drives.\n\nAnother variant involved a Microsoft Office document (.DOC) inside the ISO file; when it was opened, a template with a malicious macro was retrieved from GitHub, which loaded TelePowerBot and made changes to the Windows registry.\n\nThe third attack chain, practiced in December 2022, was identical to the first. However, instead of TelePowerBot, another piece of custom malware was loaded, which the researchers call KamiKakaBot 
and which is designed to execute commands.\n\nKamiKakaBot is a .NET version of TelePowerBot that also has information-stealing capabilities targeting data stored in Chrome- and Firefox-based browsers.\n\nIn addition to the tools named, Dark Pink also used a script to record sound through the microphone at one-minute intervals. The data is saved as a ZIP archive in the Windows temporary folder and then transmitted via 
a Telegram bot.\n\nIn addition, the attacker used a special utility, ZMsg, to exfiltrate information from messengers; it steals correspondence from Viber, Telegram and Zalo.\n\nThe results of the analysis of Dark Pink activity allowed Group-IB to confirm with high probability the success of seven attacks, but the researchers believe there could have been significantly more.", "creation_timestamp": "2023-01-12T12:39:51.000000Z"}, {"uuid": "93b65820-a9fb-49c8-b7e2-6089b3c021bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": 
"https://t.me/information_security_channel/15309", "content": "The Top Vulnerabilities Exploited by Cybercriminals\nhttp://feedproxy.google.com/~r/Securityweek/~3/LZdKf59wwhs/top-vulnerabilities-exploited-cybercriminals\n\nCybercriminals are shifting their focus from Adobe to Microsoft consumer products, and are now concentrating more on targeted attacks than on web-based exploit kits.\nEach year, Recorded Future provides an analysis of criminal chatter on the dark web in its Top Ten Vulnerabilities Report (https://go.recordedfuture.com/hubfs/reports/cta-2018-0327.pdf?utm_source=SecurityWeek). It does this because it perceives a weakness in traditional vulnerability databases and scanning tools -- they do not indicate which vulnerabilities are currently being exploited, nor to what extent. Reliance on vulnerability lists alone cannot say where patching and remediation efforts should be prioritized.\u00a0\n\"We do this analysis because the sale and use of exploits is a for-profit industry,\" Recorded Future's VP of technical solutions, Scott Donnelly told SecurityWeek. This means that exploit developers have to sell their products, while other criminals have to buy them -- and this leads to the chatter that Recorded Future analyzes.\u00a0\n\"If you're a cybercriminal trying to make money, you have to discuss it. If you hold back too much you're not going to make any money; so, there's a necessity for the criminals to stick their heads up a little bit -- and we can take advantage of that and call out some of the big conversations.\" It assumes a correlation between chatter about a vulnerability with active exploitation of that vulnerability -- an assumption that common sense rather than science suggests is reasonable.\nDonnelly is confident that his firm's knowledge of and access to the dark web is statistically valid. 
Nation-state activity is specifically excluded from this analysis, because, he says, \"If you're a nation-state with an exploit, or if you're a third-party supplier of exploits to a nation state, you're less likely to talk about it in a general criminal forum.\"\nAt the macro level, this year's analysis highlights a move away from Adobe vulnerabilities towards Microsoft consumer product vulnerabilities. While Flash exploits have dominated earlier annual reports, seven of the top ten (including the top five) most discussed vulnerabilities are now Microsoft vulnerabilities. \"As Adobe Flash Player has begun to see its usage significantly drop, this year we find that it's a lot of Microsoft consumer products that are seeing heavy exploitation,\" says Donnelly.\nThe three most used vulnerabilities are CVE-2017-0199 (https://www.securityweek.com/attackers-combine-office-exploits-avoid-detection) (which allows attackers to download and execute a Visual Basic script containing PowerShell commands from a malicious document), CVE-2016-0189 (https://www.securityweek.com/ie-exploit-added-neutrino-after-experts-publish-poc) (which is an old Internet Explorer vulnerability that allows attackers to use an exploit kit to drop malware, such as ransomware), and CVE-2017-0022 (https://www.securityweek.com/stegano-exploit-kit-adopts-diffie-hellman-algorithm) (which enables data theft).\nA second major takeaway from the analysis is that 2017 has seen a significant drop in the development of new exploit kits. \"This has been noticed before,\" Donnelly told SecurityWeek, \"but mainly because researchers simply haven't seen them in action. This is now evidence that the criminals themselves aren't talking about or trying to sell that many new kits.\"\nIn raw numbers, Recorded Future's analysis noted 26 new kits in 2016, but only 10 new kits in 2017 (from a total list of 158 EKs). 
\"The observed drop in exploit kit activity,\" suggests Donnelly, \"overlaps with the rapid decline of Flash Player usage. Users have shifted to more secure browsers, and attackers have shifted as well. Spikes in cryptocurrency mining malware and more targeted victim attacks have filled the void.\"", "creation_timestamp": "2018-03-27T17:55:16.000000Z"}, {"uuid": "071ffbb7-5b8f-44e0-8af0-96baff29bad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/true_secator/7059", "content": "Acronis researchers report a new campaign targeting top government institutions of Sri Lanka, Bangladesh and Pakistan.\n\nThe attackers used phishing emails combined with geofenced payloads, 
ensuring that malicious content was delivered only to victims in specific countries.\n\nThe attack chains used phishing lures as the starting point for triggering the infection process and deploying known malware, StealerBot.\n\nThe researchers note that the modus operandi fully matches the recent SideWinder attacks documented by Kaspersky Lab in March 2025.\n\nAccording to Acronis, the targets included: the Telecommunication Regulatory Commission of Bangladesh, the ministry of defence and ministry of finance, Pakistan's directorate for technical development, the department of external resources, the treasury, the ministry of defence and the Central Bank of Sri Lanka.\n\nThe attacks are characterized by the use of years-old RCE vulnerabilities in Microsoft Office (CVE-2017-0199 and CVE-2017-11882) as initial vectors for 
deploying malware that provides persistent access in government environments across South Asia.\n\nWhen the malicious documents are opened, an exploit for CVE-2017-0199 is triggered; it delivers next-stage payloads responsible for installing StealerBot using DLL loading techniques.\n\nOne of SideWinder's notable tactics is that the phishing emails are tied 
to geofenced payloads, which ensure the targeting criteria are met.\n\nIf the victim's IP address does not match, an empty RTF file is sent instead as a decoy.\n\nThe malicious payload is an RTF file that exploits CVE-2017-11882, a memory corruption vulnerability in Equation Editor, to launch a shellcode-based loader that runs the StealerBot malware.\n\nAccording to Kaspersky Lab, StealerBot is a .NET implant designed to install additional malware, launch a reverse shell and collect a wide range of data from compromised hosts, including screenshots, keystrokes, passwords and files.\n\nSideWinder has shown sustained activity over a long period, 
maintaining a steady pace of operations without prolonged inactivity, a pattern that reflects organizational continuity and persistent intent.\n\nA more detailed analysis of the TTPs shows a high degree of control and precision, ensuring that malicious payloads are delivered only to carefully selected targets and often only for a limited period of time.", "creation_timestamp": "2025-05-22T17:00:07.000000Z"}, 
{"uuid": "320282ed-4107-4cda-b33f-b1ffec276121", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/HackerOne/617", "content": "CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler\nhttps://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html", "creation_timestamp": "2017-04-12T14:54:21.000000Z"}, {"uuid": "6b112770-18e4-4410-84c1-69b4d0b84911", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/information_security_channel/7764", "content": "Old Flaws, New Tricks: CVE-2017-0199 and PowerPoint Abuse\nhttps://www.darkreading.com/vulnerabilities---threats/old-flaws-new-tricks-cve-2017-0199-and-powerpoint-abuse/d/d-id/1329634?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\n\nResearchers discover attackers are using a patched Microsoft vulnerability to abuse PowerPoint files and distribute malware.", "creation_timestamp": "2017-08-16T21:16:42.000000Z"}, {"uuid": "8428a29c-4719-4069-8dc1-14f039d52236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/information_security_channel/4340", "content": "CVE-2017-0199 \u2013 Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API\nhttp://blogs.quickheal.com/cve-2017-0199-microsoft-officewordpad-remote-code-execution-vulnerability-wwindows-api/\n\nThe newly discovered zero-day vulnerability (CVE-2017-0199) in Microsoft Office/WordPad is being actively exploited in the wild. Almost all Microsoft Office versions are affected with this bug. To fix this vulnerability, Microsoft released a security update on April 11, 2017. 
Vulnerable Versions According to Microsoft, the following are the affected products...\nThe post CVE-2017-0199 \u2013 Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API (http://blogs.quickheal.com/cve-2017-0199-microsoft-officewordpad-remote-code-execution-vulnerability-wwindows-api/) appeared first on Quick Heal Technologies Security Blog | Latest computer security news, tips, and advice (http://blogs.quickheal.com/).", "creation_timestamp": "2017-04-14T12:26:50.000000Z"}, {"uuid": "e0e7bb3e-446d-4ab2-9c4c-088275a8f89e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/information_security_channel/8296", "content": "Malspam Campaign using CVE-2017-0199 Targets Manufacturing, Pharmaceutical, and other important Industries\nhttp://blogs.quickheal.com/malspam-campaign-using-cve-2017-0199-targets-manufacturing-pharmaceutical-important-industries/\n\nQuick Heal Security Labs has come across various email campaigns that are actively exploiting the famous vulnerability CVE-2017-0199 in their bid to target prominent private industries in India. CVE-2017-0199 was a zero-day vulnerability reported in April 2017 by two different security firms. 
Almost all of the MS Office versions were...\nThe post Malspam Campaign using CVE-2017-0199 Targets Manufacturing, Pharmaceutical, and other important Industries (http://blogs.quickheal.com/malspam-campaign-using-cve-2017-0199-targets-manufacturing-pharmaceutical-important-industries/) appeared first on Quick Heal Technologies Security Blog | Latest computer security news, tips, and advice (http://blogs.quickheal.com/).", "creation_timestamp": "2017-08-31T12:37:20.000000Z"}, {"uuid": "076927d4-5b25-4fd0-9cf8-6ba785f8289e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/information_security_channel/8425", "content": "PowerPoint File Armed with CVE-2017-0199 and UAC Bypass https://t.co/8kBjAiF40i via @Fortinet", "creation_timestamp": "2017-09-03T04:43:46.000000Z"}, {"uuid": "ff62dd64-8fde-4d5c-ab19-24b4208afddf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/information_security_channel/8469", "content": "PowerPoint file Equipped with CVE-2017-0199 could Compromise Your\u00a0System https://t.co/vMhRmkHU52 https://t.co/x63vUsLl4y", "creation_timestamp": "2017-09-05T07:50:17.000000Z"}, {"uuid": "a00acdf5-c6c2-4099-a6ca-ed60cfe6dd15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/information_security_channel/12842", "content": "Malspam campaigns exploiting recent MS Office vulnerability \u2018CVE-2017-11882\u2019 \u2013 An Analysis by Quick Heal Security Labs\nhttp://blogs.quickheal.com/malspam-campaigns-exploiting-recent-ms-office-vulnerability-cve-2017-11882/\n\nNo wonder malspam campaigns are a major medium to 
spread malware. Previously, we have written about such campaigns making use of MS Office malware such as malicious macro,\u00a0CVE-2017-0199, CVE-2017-8759\u00a0and DDE-based attack. Recently, we have started observing various malspam campaigns exploiting the latest MS Office vulnerability CVE-2018-11882. Let\u2019s take a look\u2026", "creation_timestamp": "2018-02-05T12:19:22.000000Z"}, {"uuid": "5812b9f3-ae7a-4832-a717-58182e0defb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/information_security_channel/15024", "content": "http://feedproxy.google.com/~r/Securityweek/~3/XBNDgTtf0k8/you-can-ddos-organization-just-10-hour-cybercrime-report\n\nThe cost of having an organization targeted by a distributed denial of service (DDoS) attack for an hour is as low as $10, cybersecurity firm Armor says.\nThe low cost of launching such attacks results from the proliferation of cybercrime-as-a-service, one of the most profitable business models adopted by cybercriminals over the past years. It allows criminals-wannabe to employ the resources of established cybercriminals for their nefarious purposes, including malware distribution, DDoS-ing, spam, and more. \nAll that miscreants have to do is to access underground markets or forums and hire the desired cybercrime service to conduct the malicious actions for them. And while the incurred financial losses total billions or even more for affected organizations, the price of hiring such a service is highly affordable to anyone. \nAccording to Armor\u2019s The Black Market Report (https://event.on24.com/wcc/r/1630121/C5E9D26D11A30024CBB36E365850C694?partnerref=news): A Look into the Dark Web (PDF), anyone can DDoS an organization for only $10 an hour or $200 per day. Remote Desktop Protocol (RDP) access for a system for three months costs only $35. 
\nThe data was collected through the analysis of dozens of online underground markets and forums during the fourth quarter of 2017 and reveals a slight increase in prices compared to a couple of years ago. Considering how powerful DDoS attacks have become lately, however, the cost of launching an attack remains incredibly low.\nDDoS-for-hire services, however, are only one example of how cheap cybercrime services are on the dark web. The Disdain exploit kit could be rented for $80 a day, $500 a week or $1,400 a month, Armor has discovered. A botnet capable of webinject and other nefarious actions was available at $750 or $1,200 a month, with support available at an extra $100 or $150 a month.\n\u201cWhen source code is offered, there is a trend toward offloading risk by selling malware or exploit code to someone else and then selling support as well. In the spirit of helping others, some sellers have taken to hawking hacker tutorials and known exploits in bundles at relatively low cost, most likely to low-skill hackers known as script kiddies,\u201d the security firm says. \nArmor's researchers found a Microsoft Office exploit builder targeting the CVE-2017-0199 vulnerability available at $1,000. A banking Trojan license, on the other hand, was available at $3,000 to $5,000, while a remote access Trojan was seen selling for $200. \nOn underground forums, buyers can also find code-signing certificates (a Class 3 code-signing certificate was selling for $400, while an Extended Validation (EV) certificate was offered for $2,500), account hacking programs (for as low as $12.99), WordPress exploits (at $100), password stealers ($50), Android malware loader ($1,500), ATM skimmers ($700 - $1,500), and various other tools as well. \nCredit card skimmers and magnetic stripe readers were found selling for as little as $700 and $450, respectively. Credit card data is available for purchase as well, with prices starting as low as $7 for US Visa cards. 
\nCard numbers sold with additional identifying information are a bit more expensive: $18 vs $10-$12 at the same vendor. Customers looking to verify the bank information number (BIN) may be charged as much as $15 for the operation, Armor has discovered. American Express and Discover card numbers were available at $12 to $17 with BIN verification. \nThe cost of credit card information was also influenced by the credit limit on the card: one with a $10,000 limit was available at $800, while another with a $15,000 limit was $1,000. Access to bank accounts too is priced in line with the available balance, ranging from $200 to $1,000 for accounts at Wells Fargo, JPMorgan Chase and Bank of America with balances between $3,000 and $15,000.", "creation_timestamp": "2018-03-22T18:34:43.000000Z"}, {"uuid": "2318d20b-4df3-428c-8926-f16c386094f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/information_security_channel/15310", "content": "At the micro level, the big takeaway from this report is the anomalous position of CVE-2017-0022. It is the third most discussed vulnerability on the dark web forums, yet in relation to just two pieces of malware: exploit kits Astrum (aka Stegano) and Neutrino. This is the lowest number of associated malware in the top ten vulnerabilities -- both of the two more popular vulnerabilities are associated with ten different pieces of malware. 
CVE-2017-0199 is associated with malware including Hancitor, Dridex (https://www.securityweek.com/dridex-campaign-abuses-ftp-servers)\u00a0and FinFisher (https://www.securityweek.com/net-zero-day-flaw-exploited-deliver-finfisher-spyware), while CVE-2016-0189 is associated with nine different exploit kits and the Magniber (https://www.securityweek.com/new-magniber-ransomware-emerges) ransomware.\nBut it's not just in malware associations that CVE-2017-0022 is anomalous. It has a Common Vulnerability Scoring System (CVSS) rating of just 4.3. The next lowest rating in the top ten vulnerabilities is 7.6, while the top two are rated at 9.3 and 7.6. CVSS defines a 4.3 score as medium risk; and yet Recorded Future's research shows it to be the third most exploited vulnerability, commenting, \"'In the wild' severity does not always correlate with the Common Vulnerability Scoring System (CVSS) score.\"\nThis is a prime example of the reason for the analysis. Security teams could check the CVSS score and conclude on this evidence alone that the vulnerability does not require expedited remediation or patching. 
As the third most exploited vulnerability, Recorded Future's latest threat analysis suggests otherwise.\nBoston, Mass.-based Recorded Future raised $25 million in a Series E funding round led by Insight Venture Partners in October 2017 -- bringing the total funding raised to $57.9 million.\nRelated: Use of Fake Code Signing Certificates in Malware Surges (https://www.securityweek.com/use-fake-code-signing-certificates-malware-surges)\u00a0\nRelated: Researchers Warn Against Knee-Jerk Attribution of 'Olympic Destroyer' Attack (https://www.securityweek.com/researchers-warn-against-knee-jerk-attribution-olympic-destroyer-attack)", "creation_timestamp": "2018-03-27T17:55:16.000000Z"}, {"uuid": "ed0e86c8-d1d7-4cdd-bc50-3a39f6b7adda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/information_security_channel/15313", "content": "New \"ThreadKit\" Office Exploit Builder Emerges\nhttp://feedproxy.google.com/~r/Securityweek/~3/7de3m_eM7i8/new-threadkit-office-exploit-builder-emerges\n\nA newly discovered Microsoft Office document exploit builder kit has been used for the distribution of a variety of malicious payloads, including banking Trojans and backdoors, Proofpoint reports.\nThe exploit builder kit was initially discovered in October 2017, but Proofpoint's researchers have linked it to activity dating back to June 2017. 
The builder kit shows similarities to Microsoft Word Intruder (MWI), but is a new tool called ThreadKit.\nIn June 2017, the kit was being advertised in a forum post as being able to create documents with embedded executables and embedded decoy documents, and several campaigns featuring such documents were observed that month. The documents would perform an initial check-in to the command and control (C&C) server, a tactic also used by MWI. \nThe documents were targeting CVE-2017-0199 and were focused on downloading and executing a HTA file that would then download the decoy and a malicious VB script to extract and run the embedded executable. The payload was Smoke Loader, which in turn downloaded banking malware.\nIn October, ThreadKit started targeting CVE 2017-8759 as well, but continued to use the initial C&C check-in and the HTA file to execute the embedded executable, Proofpoint says (https://www.proofpoint.com/us/threat-insight/post/unraveling-ThreadKit-new-document-exploit-builder-distribute-The-Trick-Formbook-Loki-Bot-malware). However, changes were made to the manner in which the exploit documents operate and new exploits were integrated as well. \nIn November, ThreadKit was quick to incorporate exploits for new Microsoft Office vulnerabilities, and started being advertised as capable of targeting CVE 2017-11882 too. Soon after, campaigns that featured the previously observed check-in already started to emerge. \nIn February and March 2018, the kit was embedding new exploits, targeting vulnerabilities such as an Adobe Flash zero-day (CVE-2018-4878) and several new Microsoft Office vulnerabilities, including CVE-2018-0802 and CVE-2017-8570. \nAt the same time, the researchers noticed a large spike in email campaigns featuring ThreadKit-generated Office attachments packing these exploits. The exploits appear copied from proofs of concept available on a researcher\u2019s GitHub repo. 
\nAs part of these attacks, the attachments would drop the contained packager objects into the temp folder, then the exploits would execute the dropped scriptlet file, thus leading to the execution of the dropped batch files, which in turn run the executable.\nProofpoint found that not all ThreadKit documents contain a valid URL for the statistics check-in (some contain placeholder URLs). Furthermore, not all documents followed the same execution chain, with some scripts modified to perform other actions, a customization that may be provided as a service by the kit author.\n\u201cIn 2017, several new vulnerabilities entered regular use by threat actors and the first months of 2018 have added to that repertoire. Document exploit builder kits like ThreadKit enable even low-skilled threat actors to take advantage of the latest vulnerabilities to distribute malware. Organizations and individuals can mitigate the risk from ThreadKit and other document exploit-based attacks by ensuring that clients are patched for the latest vulnerabilities in Microsoft office and other applications,\u201d Proofpoint concludes. \nRelated: Microsoft Patches Zero-Day Vulnerability in Office\nRelated: Microsoft Manually Patched Office Component: Researchers", "creation_timestamp": "2018-03-27T17:57:22.000000Z"}, {"uuid": "a370db75-a469-49c5-a673-ab106c3b7a52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/proitru/326", "content": "THE \u201cPETYA\u201d AND \u201cMISHA\u201d MALWARE: WHAT IS HAPPENING AND WHAT TO DO, IN THREE WORDS? 
\n\nThe propagation model is partly similar to WannaCry: an exploit for the MS17-010 vulnerability is used, reinforced by social engineering that uses a vulnerability in MS Word. Infection occurs after the user opens an email attachment that exploits the CVE-2017-0199 vulnerability, published in April 2017. Spreading to other computers on the network then goes via MS17-010. 
The encryption model, however, has changed substantially. \u201cPetya\u201d, having penetrated the computer by means of the exploit, infects the system's MBR (master boot record). Then \u201cMisha\u201d is loaded onto the system; it encrypts the files on the disk and demands a ransom of $300 per computer. 
There are also modifications in which \u201cPetya\u201d and \u201cMisha\u201d work independently of each other, depending on whether system administrator privileges are available. There are reports that a propagation model using malicious attachments disguised as PDF files has also been seen.  
\n\nMore details: http://www.jetinfo.ru/stati/vredonosy-petya-petya-i-misha-misha-chto-proiskhodit-i-chto-delat-v-trekh", "creation_timestamp": "2017-06-28T10:38:18.000000Z"}, {"uuid": "d0adbe7e-8c93-4d4a-8634-dc909499d50c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/SHATOOB/1586", "content": "\ud83c\udd94 @SHATOOB\n\n#OilRig\n\nExploitation of the recent Office vulnerability by Iranian hackers\n\n\n\ud83d\udc48A security company named Morphisec has claimed that Iranian hackers used the recent Microsoft Office 0day vulnerability to attack some Israeli organizations. 
\n\n\ud83d\udd39This vulnerability existed in Microsoft Office and had been patched in early April, but after some time it was exploited in the real world.\n\n\ud83d\udd38The company says that from 19 to 24 April Iranian hackers exploited the vulnerability identified as CVE-2017-0199 for political purposes. \n \n\ud83d\udd39Because many organizations had not applied the patches promptly, the hackers were able to continue their attacks. 
These attacks targeted various organizations of the Zionist regime, and the vulnerability was exploited through emails sent to users.\n \n\ud83d\udd38These emails were sent specifically to users at one of the cyber security centers, Ben Gurion University. 
The attackers used the proof-of-concept (POC) code for this vulnerability, which was published after it was patched, to exploit the vulnerability and deliver a fileless version of the Helminth Trojan agent.\n \n\ud83d\udd39Security researchers noted that high-level organizations of this regime, including technology, medical, and education organizations, were victims of this attack. They also attributed these attacks to an Iranian hacking group responsible for the OilRig malware campaign. 
\n\n\ud83d\udd38In examining the Helminth malware, researchers found a very close similarity to the OilRig malware. The OilRig malware was said to have targeted nearly 140 organizations in the Middle East. \n \n\ud83d\udd39Security researchers also noted that this group's hackers have moved from malicious macros in Excel and Word documents toward exploiting vulnerabilities. 
This hacking group carried out its attacks very quickly because they expected the window between disclosure of the vulnerability and its patching by users to be very short. \n \n\ud83d\udd38This vulnerability uses a fake RTF document which, as soon as it is opened, downloads an HTML file that loads and installs the final payload on the victim's device. 
\n\n\ud83d\udd39 On 11 April, Microsoft patched this vulnerability by releasing security updates, but it is said that the hackers carried out their attacks before the patches were released.\n\n\n\ud83d\udd38You can also read an analysis of this vulnerability at the source below.\n\n\n\ud83c\udf10 http://rewtin.blogspot.de/2017/04/cve-2017-0199-practical-exploitation-poc.html\n\n\nSource:\n\n\ud83c\udf10 https://goo.gl/ByCsZu\n\n\ud83c\udf10 http://www.securityweek.com/iranian-hackers-exploit-recent-office-0-day-attacks-report\n \n\n\u269c\ufe0f\u269c\ufe0f  Shatoob, a window to the world of computers \u269c\ufe0f\u269c\ufe0f\n\n\ud83c\udd94 @SHATOOB", "creation_timestamp": "2017-05-04T08:17:31.000000Z"}, {"uuid": "ad8e1a88-759d-4ae0-9acb-abbbd78e3ff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", 
"source": "https://t.me/canyoupwnme/1845", "content": "\"Bypassing\" Microsoft's Patch for CVE-2017-0199\nhttps://justhaifei1.blogspot.com.tr/2017/07/bypassing-microsofts-cve-2017-0199-patch.html", "creation_timestamp": "2017-07-26T20:31:07.000000Z"}, {"uuid": "3e20a1f1-ede0-4c87-a710-d420f7547eba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/canyoupwnme/1189", "content": "CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler\nhttps://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html", "creation_timestamp": "2017-04-12T00:30:01.000000Z"}, {"uuid": "edcf22b5-6d9f-4b36-9854-8e3b3e77ade2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/canyoupwnme/1236", "content": "Windows attacks via CVE-2017-0199 \u2013 Practical exploitation! 
(PoC)\nhttp://securityaffairs.co/wordpress/58077/breaking-news/cve-2017-0199-exploitation-poc.html", "creation_timestamp": "2017-04-18T00:30:03.000000Z"}, {"uuid": "6c69adc5-9b7e-4252-a8a3-68d06f18840c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/SecLabNews/173", "content": "Attackers use CVE-2017-0199 to install a RAT via PowerPoint", "creation_timestamp": "2017-08-16T13:34:53.000000Z"}, {"uuid": "70772254-aa9c-41ed-9b74-ad4b43abeb80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-e8c8129d-b09e02c4de9c4f4a", "content": "Exploits and vulnerabilities in Q1 2026\nDuring Q1 2026, the exploit kits leveraged by threat actors to target user systems expanded once again, incorporating new exploits for the Microsoft Office platform, as well as Windows and Linux operating systems.\nIn this report, we dive into the statistics on published vulnerabilities and exploits, as well as the known vulnerabilities leveraged by popular C2 frameworks throughout Q1 2026.\nStatistics on registered vulnerabilities\nThis section provides statistical data on registered vulnerabilities. The data is sourced from cve.org.\nWe examine the number of registered CVEs for each month starting from January 2022. 
The total volume of vulnerabilities continues rising and, according to current reports, the use of AI agents for discovering security issues is expected to further reinforce this upward trend.\nTotal published vulnerabilities per month from 2022 through 2026 (download)\nNext, we analyze the number of new critical vulnerabilities (CVSS > 8.9) over the same period.\nTotal critical vulnerabilities published per month from 2022 through 2026 (download)\nThe graph indicates that while the volume of critical vulnerabilities slightly decreased compared to previous years, an upward trend remained clearly visible. At present, we attribute this to the fact that the end of last year was marked by the disclosure of several severe vulnerabilities in web frameworks. The current growth is driven by high-profile issues like React2Shell, the release of exploit frameworks for mobile platforms, and the uncovering of secondary vulnerabilities during the remediation of previously discovered ones. We will be able to test this hypothesis in the next quarter; if correct, the second quarter will show a significant decline, similar to the pattern observed in the previous year.\nExploitation statistics\nThis section presents statistics on vulnerability exploitation for Q1 2026. The data draws on open sources and our telemetry.\nWindows and Linux vulnerability exploitation\nIn Q1 2026, threat actor toolsets were updated with exploits for new, recently registered vulnerabilities. 
However, we first examine the list of veteran vulnerabilities that consistently account for the largest share of detections:\n\nCVE-2018-0802: a remote code execution (RCE) vulnerability in the Equation Editor component\nCVE-2017-11882: another RCE vulnerability also affecting Equation Editor\nCVE-2017-0199: a vulnerability in Microsoft Office and WordPad that allows an attacker to gain control over the system\nCVE-2023-38831: a vulnerability resulting from the improper handling of objects contained within an archive\nCVE-2025-6218: a vulnerability allowing the specification of relative paths to extract files into arbitrary directories, potentially leading to malicious command execution\nCVE-2025-8088: a directory traversal bypass vulnerability during file extraction utilizing NTFS Streams\nAmong the newcomers, we have observed exploits targeting the Microsoft Office platform and Windows OS components. Notably, these new vulnerabilities exploit logic flaws arising from the interaction between multiple systems, making them technically difficult to isolate within a specific file or library. A list of these vulnerabilities is provided below:\n\nCVE-2026-21509 and CVE-2026-21514: security feature bypass vulnerabilities: despite Protected View being enabled, a specially crafted file can still execute malicious code without the user\u2019s knowledge. Malicious commands are executed on the victim\u2019s system with the privileges of the user who opened the file.\nCVE-2026-21513: a vulnerability in the Internet Explorer MSHTML engine, which is used to open websites and render HTML markup. The vulnerability involves bypassing rules that restrict the execution of files from untrusted network sources. Interestingly, the data provider for this vulnerability was an LNK file.\nThese three vulnerabilities were utilized together in a single chain during attacks on Windows-based user systems. 
While this combination is noteworthy, we believe the widespread use of the entire chain as a unified exploit will likely decline due to its instability. We anticipate that these vulnerabilities will eventually be applied individually as initial entry vectors in phishing campaigns.\nBelow is the trend of exploit detections on user Windows systems starting from Q1 2025.\nDynamics of the number of Windows users encountering exploits, Q1 2025 \u2013 Q1 2026. The number of users who encountered exploits in Q1 2025 is taken as 100% (download)\nThe vulnerabilities listed here can be leveraged to gain initial access to a vulnerable system and for privilege escalation. This underscores the critical importance of timely software updates.\nOn Linux devices, exploits for the following vulnerabilities were detected most frequently:\n\nCVE-2022-0847: a vulnerability known as Dirty Pipe, which enables privilege escalation and the hijacking of running applications\nCVE-2019-13272: a vulnerability caused by improper handling of privilege inheritance, which can be exploited to achieve privilege escalation\nCVE-2021-22555: a heap out-of-bounds write vulnerability in the Netfilter kernel subsystem\nCVE-2023-32233: a vulnerability in the Netfilter subsystem that allows for Use-After-Free conditions and privilege escalation through the improper processing of network requests\nDynamics of the number of Linux users encountering exploits, Q1 2025 \u2013 Q1 2026. The number of users who encountered exploits in Q1 2025 is taken as 100% (download)\nIn the first quarter of 2026, we observed a decrease in the number of detected exploits; however, the detection rates are on the rise relative to the same period last year. 
For the Linux operating system, the installation of security patches remains critical.\nMost common published exploits\nThe distribution of published exploits by software type in Q1 2026 features an updated set of categories; once again, we see exploits targeting operating systems and Microsoft Office suites.\nDistribution of published exploits by platform, Q1 2026 (download)\nVulnerability exploitation in APT attacks\nWe analyzed which vulnerabilities were utilized in APT attacks during Q1 2026. The ranking provided below includes data based on our telemetry, research, and open sources.\nTOP 10 vulnerabilities exploited in APT attacks, Q1 2026 (download)\nIn Q1 2026, threat actors continued to utilize high-profile vulnerabilities registered in the previous year for APT attacks. The hypothesis we previously proposed has been confirmed: security flaws affecting web applications remain heavily exploited in real-world attacks. However, we are also observing a partial refresh of attacker toolsets. Specifically, during the first quarter of the year, APT campaigns leveraged recently discovered vulnerabilities in Microsoft Office products, edge networking device software, and remote access management systems. Although the most recent vulnerabilities are being exploited most heavily, their general characteristics continue to reinforce established trends regarding the categories of vulnerable software. 
Consequently, we strongly recommend applying the security patches provided by vendors.\nC2 frameworks\nIn this section, we examine the most popular C2 frameworks used by threat actors and analyze the vulnerabilities targeted by the exploits that interacted with C2 agents in APT attacks.\nThe chart below shows the frequency of known C2 framework usage in attacks against users during Q1 2026, according to open sources.\nTOP 10 C2 frameworks used by APTs to compromise user systems, Q1 2026 (download)\nMetasploit has returned to the top of the list of the most common C2 frameworks, displacing Sliver, which now shares the second position with Havoc. These are followed by Covenant and Mythic, the latter of which previously saw greater popularity. After studying open sources and analyzing samples of malicious C2 agents that contained exploits, we determined that the following vulnerabilities were utilized in APT attacks involving the C2 frameworks mentioned above:\n\nCVE-2023-46604: an insecure deserialization vulnerability allowing for arbitrary code execution within the server process context if the Apache ActiveMQ service is running\nCVE-2024-12356 and CVE-2026-1731: command injection vulnerabilities in BeyondTrust software that allow an attacker to send malicious commands even without system authentication\nCVE-2023-36884: a vulnerability in the Windows Search component that enables command execution on the system, bypassing security mechanisms built into Microsoft Office applications\nCVE-2025-53770: an insecure deserialization vulnerability in Microsoft SharePoint that allows for unauthenticated command execution on the server\nCVE-2025-8088 and CVE-2025-6218: similar directory traversal vulnerabilities that allow files to be extracted from an archive to a predefined path, potentially without the archiving utility displaying any alerts to the user\nThe nature of the described vulnerabilities indicates that they were exploited to gain initial access to the system. 
Notably, the majority of these security issues are targeted to bypass authentication mechanisms. This is likely due to the fact that C2 agents are being detected effectively, prompting threat actors to reduce the probability of discovery by utilizing bypass exploits.\nNotable vulnerabilities\nThis section highlights the most significant vulnerabilities published in Q1 2026 that have publicly available descriptions.\nCVE-2026-21519: Desktop Window Manager vulnerability\nAt the core of this vulnerability is a Type Confusion flaw. By attempting to access a resource within the Desktop Window Manager subsystem, an attacker can achieve privilege escalation. A necessary condition for exploiting this issue is existing authorization on the system.\nIt is worth noting that the DWM subsystem has been under close scrutiny by threat actors for quite some time. Historically, the primary attack vector involves interacting with the NtDComposition* function set.\nRegPwn (CVE-2026-21533): a system settings access control vulnerability\nCVE-2026-21533 is essentially a logic vulnerability that enables privilege escalation. It stems from the improper handling of privileges within Remote Desktop Services (RDS) components. By modifying service parameters in the registry and replacing the configuration with a custom key, an attacker can elevate privileges to the SYSTEM level. This vulnerability is likely to remain a fixture in threat actor toolsets as a method for establishing persistence and gaining high-level privileges.\nCVE-2026-21514: a Microsoft Office vulnerability\nThis vulnerability was discovered in the wild during attacks on user systems. Notably, an LNK file is used to initiate the exploitation process. 
CVE-2026-21514 is also a logic issue that allows for bypassing OLE technology restrictions on malicious code execution and the transmission of NetNTLM authentication requests when processing untrusted input.\nClawdbot (CVE-2026-25253): an OpenClaw vulnerability\nThis vulnerability in the AI agent leaks credentials (authentication tokens) when queried via the WebSocket protocol. It can lead to the compromise of the infrastructure where the agent is installed: researchers have confirmed the ability to access local system data and execute commands with elevated privileges. The danger of CVE-2026-25253 is further compounded by the fact that its exploitation has generated numerous attack scenarios, including the use of prompt injections and ClickFix techniques to install stealers on vulnerable systems.\nCVE-2026-34070: LangChain framework vulnerability\nLangChain is an open-source framework designed for building applications powered by large language models (LLMs). A directory traversal vulnerability allowed attackers to access arbitrary files within the infrastructure where the framework was deployed. The core of CVE-2026-34070 lies in the fact that certain functions within langchain_core/prompts/loading.py handled configuration files insecurely. This could potentially lead to the processing of files containing malicious data, which could be leveraged to execute commands and expose critical system information or other sensitive files.\nCVE-2026-22812: an OpenCode vulnerability\nCVE-2026-22812 is another vulnerability identified in AI-assisted coding software. By default, the OpenCode agent provided local access for launching authorized applications via an HTTP server that did not require authentication. 
Consequently, attackers could execute malicious commands on a vulnerable device with the privileges of the current user.\nConclusion and advice\nWe observe that the registration of vulnerabilities is steadily gaining momentum in Q1 2026, a trend driven by the widespread development of AI tools designed to identify security flaws across various software types. This trajectory is likely to result not only in a higher volume of registered vulnerabilities but also in an increase in exploit-driven attacks, further reinforcing the critical necessity of timely security patch deployment. Additionally, organizations must prioritize vulnerability management and implement effective defensive technologies to mitigate the risks associated with potential exploitation.\nTo ensure the rapid detection of threats involving exploit utilization and to prevent their escalation, it is essential to deploy a reliable security solution. Key features of such a tool include continuous infrastructure monitoring, proactive protection, and vulnerability prioritization based on real-world relevance. These mechanisms are integrated into Kaspersky Next, which also provides endpoint security and protection against cyberattacks of any complexity. 
\nsecurelist.com/vulnerabilities\u2026", "creation_timestamp": "2026-05-07T10:52:23.534997Z"}, {"uuid": "d5faa393-4e83-4338-9979-86e0e9600aec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/SecLabNews/5089", "content": "The Iranian APT group MuddyWater has begun using new attack vectors against telecommunications and government organizations. 
According to specialists at the information security company Clearsky Security, MuddyWater has added to its tactics, techniques and procedures (TTP) new Microsoft Word documents that download malicious files through compromised servers, as well as documents exploiting the CVE-2017-0199 vulnerability.    
\nAPT group MuddyWater uses new attack vectors", "creation_timestamp": "2019-06-07T12:55:32.000000Z"}, {"uuid": "ac8a6c08-e185-4b9c-960c-5398b6e00801", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/canyoupwnme/2022", "content": "CVE-2017-0199: New Malware Abuses PowerPoint Slide Show\nhttp://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-0199-new-malware-abuses-powerpoint-slide-show/", "creation_timestamp": "2017-08-14T17:59:09.000000Z"}, {"uuid": "f8c147ac-71bc-4659-80f2-1dbceca69504", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "seen", "source": "https://t.me/canyoupwnme/1210", "content": "Cisco Coverage for CVE-2017-0199\nhttp://blog.talosintelligence.com/2017/04/cve-2017-0199.html", "creation_timestamp": "2017-04-15T16:58:51.000000Z"}, {"uuid": "f486c32a-9c8b-4750-af12-d90038600b7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/canyoupwnme/1198", "content": "CVE-2017-0199 Used as Zero Day to Distribute FINSPY Espionage Malware and LATENTBOT Cyber Crime Malware\nhttps://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html", "creation_timestamp": "2017-04-12T22:25:46.000000Z"}, {"uuid": "f2914e6e-186c-4662-9a64-a51ce15cfbb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/canyoupwnme/1200", 
"content": "Analysis of a CVE-2017-0199 Malicious RTF Document\nhttps://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/", "creation_timestamp": "2017-04-13T13:21:30.000000Z"}, {"uuid": "9ef5757e-234b-4a21-87ad-dbe2ef431725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/canyoupwnme/1201", "content": "Exploiting CVE-2017-0199: HTA Handler Vulnerability\nhttps://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/", "creation_timestamp": "2017-04-13T13:21:50.000000Z"}, {"uuid": "bb10cedc-3d0e-4584-9a86-ce9357a0d0ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/S_E_Reborn/4980", "content": "Blackberry reveals new SideWinder infrastructure and TTPs as part of a campaign targeting ports and maritime facilities in the Indian Ocean and the Mediterranean Sea.\n\nThe Indian SideWinder APT (Razor Tiger, Rattlesnake and T-APT-04) has been active since at least 2012 and was previously 
seen in attacks on military, government and commercial entities in Pakistan, Afghanistan, China and Nepal.\n\nThe domains and documents used in first-stage delivery imply targeting of Pakistan, Egypt and Sri Lanka.\n\nMeanwhile, the second-stage subdomains point to additional targeting of Bangladesh, Myanmar, Nepal and the Maldives.\n\nBased on 
previous observations, the goal of this new SideWinder campaign appears to be espionage and intelligence gathering.\n\nSideWinder traditionally uses email spear phishing, document exploitation and DLL side-loading to evade detection and deliver targeted implants.\n\nTypically, the victim downloads a malicious document with very low detection 
on VirusTotal and opens it, triggering the next stage of the infection chain.\n\nThe malicious document is very carefully prepared so that it passes for a real document from an official organization already known to the target.\n\nIn the new campaign, the forged documents were related to specific infrastructure of the port of Alexandria in the Mediterranean Sea, as well as the Port Authority in the Red Sea.\n\nAll 
observed malicious documents use the remote template injection technique (CVE-2017-0199) to gain initial access to the target's system.\n\nThe body of the document, sent as a phishing email, contains a plain-text URL that leads to a malicious site from which the next-stage file is downloaded.\n\nNext, the RTF file downloads a document that exploits the CVE-2017-11882 vulnerability. 
It contains shellcode that executes after the file is opened.\n\nMoreover, in the previous SideWinder campaign the malware used JavaScript hidden in an RTF file.\n\nThe purpose of the shellcode is to check the victim's system to see whether it is a real system rather than a virtual environment.\n\nAfter the check, the program decrypts and runs a small piece of JavaScript code that loads the next execution stage from 
a remote server, also as JavaScript code (but samples of the final stage could not be obtained).\n\nA detailed analysis of the C2 infrastructure with geotargeting, as well as indicators of compromise, is in the report.", "creation_timestamp": "2024-07-29T20:25:43.000000Z"}, {"uuid": "e2efc426-95ae-4394-9843-15d83360d563", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-0199", "type": "exploited", "source": "https://t.me/indoghostsec/1901", "content": "INDOGHOSTSEC\n\n CVE-2017-0199 Vulnerability Exploit Sample Analysis BY INDOGHOSTSEC \ninstagram.com/indoghost.sec\n\n4x3ll666gh05t\n\n> md5: 0087AA25E20070186AC171BE6C528DA6 \n\n> File size: 31752 bytes (31kb) \n\n> File type: PDF         \n\nsample The initial file is disguised as a PDF file, hidden in its PDF data stream segment, a word file, and a JS hidden in its PDF Code. When the PDF is opened, the JS code will be executed. Then, the software that opens the word file by default on the computer will be called to open the word file. 
Then, if the software that is associated with the computer to open the word file by default is the office in the vulnerability version, it will execute by default Download the malicious link in word.    Use PDFstreamDumper to view the data of each segment of this PDF, this is a Word file with embedded data stream segments\n\nAttack Load \n\nFile MD5: AAFD0EBFE1AFBCAE1834430FEEBD5A31\nFile Type: of Bi nExecute / Microsoft.EXE [: the X86]\n\n> compiled language: NSIS Packer sample description;      the sample is the NSIS packaging program. After running the sample, the sample will successively call [collages.dll Corticoid.cab System.dll] (where System.dll is harmless) in its resource file, and then call the LoadLibraryExA function to load System.dll after System.dll will continue to call collages.dll address and call LoadLibraryA function to load collages.dll, collages.dll will Corticoid.cab compressed file decryption core sample shellcode decrypt it, then\n\n>  collages.dll uses process injection technology to create a child process that injects the decrypted shellcode data into the child process and executes the shellcode to execute malicious code for camouflage purposes. After finding that it is nsis packaged software, use 7-zip to decompress it, and you can see its related resource files. The cab file is a corrupted file, the cabinet compressed file size and its file type and it is suspected to be a shellcode resource file\n\n#Note Loaded the resource file, analyzed the two dlls at the beginning, found no malicious code, focused on the cab file, and turned it around for a long time in the packaging program. A lot of time wasted)\n\nby indoghostsec", "creation_timestamp": "2020-02-08T03:53:27.000000Z"}]}