{"vulnerability": "cve-2017-8291", "sightings": [{"uuid": "6ccf5563-8405-4edc-baf5-6ca39b1fd41c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/5d7f312f-2b38-4fcb-b422-6c12950d210f", "content": "", "creation_timestamp": "2019-09-16T08:34:39.000000Z"}, {"uuid": "52cfdccf-aec9-4673-a5be-a6cf196f2571", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/5eb2537a-3c44-4ee7-ac91-78b1ac13a7a7", "content": "", "creation_timestamp": "2020-05-06T06:07:37.000000Z"}, {"uuid": "eb16d857-e2b0-4876-9bd6-df4031a43756", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/5db2a818-5300-4671-a6e2-6c6f0a3b4631", "content": "", "creation_timestamp": "2019-10-25T07:46:22.000000Z"}, {"uuid": "e92ef516-2c4a-4706-9bbc-ad928505662a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/7b524550-e2c4-422c-a4c1-fd38ea093654", "content": "", "creation_timestamp": "2020-10-09T15:04:09.000000Z"}, {"uuid": "700a5d86-c43d-45d7-8f52-65964361cc29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/e6f95ba7-dbc2-4df6-b631-5725ad11a0a4", "content": "", "creation_timestamp": "2020-10-09T14:24:00.000000Z"}, {"uuid": "3b64fcea-c5fd-4923-9d48-0235c32810f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/d3b98a86-0ff8-4077-9b21-18b4663e9f7d", "content": "", "creation_timestamp": "2020-11-14T07:50:30.000000Z"}, {"uuid": "13c133bc-7ca0-4c90-bd4a-9021438a2ae5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/bfc551b1-629c-42c2-8e7e-93287c90b6a1", "content": "", "creation_timestamp": "2020-11-14T05:31:27.000000Z"}, {"uuid": "8c5a34b1-c7d5-46e4-91c6-d2731fc18567", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/c188300b-f586-4c78-9e22-13d56c150c97", "content": "", "creation_timestamp": "2020-10-09T14:33:25.000000Z"}, {"uuid": "dd8f7a7d-7201-4263-b9fa-2f9555ef4571", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/5d49cea6-2345-4592-bee1-d820849aeae1", "content": "", "creation_timestamp": "2020-10-09T15:58:39.000000Z"}, {"uuid": "0407df10-d9dc-4f9a-91d5-6259036dff86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/18c6765e-bd2a-495a-be8d-aa7f0ba822b4", "content": "", "creation_timestamp": "2020-11-14T08:24:18.000000Z"}, {"uuid": "6646dc9e-80e3-4165-a8de-ba188eea39ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/4b7d157a-cade-45f2-afa4-bd4f333cd47e", "content": "", "creation_timestamp": "2020-11-14T08:06:56.000000Z"}, {"uuid": "c36cbcb5-536f-4b84-a2af-d33ba91ef14d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/95cb113f-28f8-423a-b301-9a8a4515098c", "content": "", "creation_timestamp": "2020-11-14T04:31:57.000000Z"}, {"uuid": "158adc66-b4ca-49ae-8d73-fe7ec7ab3ba9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/ecdd9822-a884-4ed3-8742-445ed10f320d", "content": "", "creation_timestamp": "2020-11-14T02:40:03.000000Z"}, {"uuid": "df58f1e8-2a3e-4f50-9d24-880e41bb6bb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/bf844bc5-caf9-4557-87a6-97a73029c057", "content": "", "creation_timestamp": "2020-11-14T08:48:53.000000Z"}, {"uuid": "04c76eff-e6d1-464a-9def-19d317dd3200", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/7e48b572-a8df-461b-ac8b-bfa540f958e3", "content": "", "creation_timestamp": "2020-11-14T09:30:31.000000Z"}, {"uuid": "b2246bf9-1058-4277-87fb-03e71cdc24d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/594639c4-efcc-4913-b0f7-79d3899280e2", "content": "", "creation_timestamp": "2020-11-14T07:54:51.000000Z"}, {"uuid": "652a503d-be84-43ee-8c2a-8756e5557c6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/1e6df598-a3bc-4171-b367-f89600a60d10", "content": "", "creation_timestamp": "2020-11-13T23:04:17.000000Z"}, {"uuid": "71a6ea89-9b49-4e96-969c-155ccbf8b4df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/a34bcb45-f3db-43f4-913c-a097e3c121f0", "content": "", "creation_timestamp": "2020-11-14T09:21:55.000000Z"}, {"uuid": "1692506f-7af0-46a2-86eb-6b328a7d242d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/46d6427f-9f1f-4a9c-ab4b-9ede461c2ae8", "content": "", "creation_timestamp": "2020-11-14T01:02:03.000000Z"}, {"uuid": "2fc7795e-034c-46e0-8bd0-7865c608a63f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/05bd430b-f131-476a-8742-ef91bc4c3351", "content": "", "creation_timestamp": "2020-11-13T23:18:50.000000Z"}, {"uuid": "1783912d-3a7d-448b-bc1b-7c988180d770", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/1d3f6671-06ab-4d1e-9477-1eecda02f082", "content": "", "creation_timestamp": "2020-11-14T09:10:16.000000Z"}, {"uuid": "781b3e25-ff9e-4e6f-a47b-5859586f3958", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:03.000000Z"}, {"uuid": "9dc091f1-d067-4f7f-89a4-e00785729f2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "exploited", "source": "https://www.exploit-db.com/exploits/41955", "content": "", "creation_timestamp": "2017-05-02T00:00:00.000000Z"}, {"uuid": "58e159cc-645f-41a9-ab54-c7408e0c07de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971578", "content": "", "creation_timestamp": "2024-12-24T20:31:23.733414Z"}, {"uuid": "6d9cae01-f4f0-4fc1-880d-a55fd5a6b2e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "7871876f-560a-41a3-bb00-fff5d921972f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:00.000000Z"}, {"uuid": "28a472f6-01cf-4fd4-af3c-378cf1a25d22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:16.000000Z"}, {"uuid": "d4d5798d-b50f-4ab3-a76c-57833a1b9d79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2017-8291", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/fc46f1e7-80e5-477d-8ce1-4ebb2543405f", "content": "", "creation_timestamp": "2026-02-02T12:27:40.042220Z"}, {"uuid": "85ef2971-3743-4d3a-99c5-5cde93f60af9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/fileformat/ghostscript_type_confusion.rb", "content": "", "creation_timestamp": "2018-05-29T15:50:33.000000Z"}, {"uuid": "18768ea1-18ab-41cf-bbab-82141c9d5111", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "seen", "source": "https://gist.github.com/Cyb0rgbytes/57605ba347a910ea6f3b91981f9aba52", "content": "", "creation_timestamp": "2026-02-21T18:04:21.000000Z"}, {"uuid": "ffcd9124-a649-4fed-929e-ecb30ec7b080", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "published-proof-of-concept", "source": "Telegram/ohhx9aLWB6H6FtE82dy8Oa9CBO10UOvzjE7qGfvq0YwfOqg", "content": "", "creation_timestamp": "2025-06-13T15:00:06.000000Z"}, {"uuid": "c02aade9-ac33-4235-a7f4-47a58f04b14b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "exploited", "source": "Telegram/BbCN9IqV7o-6Pu-7xEH13AwaY0QZWws_QlgaUUoaTcUd", "content": "", "creation_timestamp": "2023-04-13T17:31:00.000000Z"}, {"uuid": "81cd734c-08d3-416c-af01-8d3f86c8ccb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "exploited", "source": "https://t.me/S_E_Reborn/3460", "content": "\u0412 \u043d\u043e\u0432\u043e\u043c \u043e\u0442\u0447\u0435\u0442\u0435\u00a0\u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 AhnLab Security (ASEC) \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e \u043d\u043e\u0432\u043e\u043c \u0448\u0442\u0430\u043c\u043c\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c M2RAT \u0438 \u0441\u0442\u0435\u0433\u0430\u043d\u043e\u0433\u0440\u0430\u0444\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0442\u0435\u043f\u0435\u0440\u044c \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0442\u0441\u044f \u0441\u0435\u0432\u0435\u0440\u043e\u043a\u043e\u0440\u0435\u0439\u0441\u043a\u043e\u0439 APT37 (RedEyes \u0438\u043b\u0438 ScarCruft), \u0447\u0442\u043e\u0431\u044b \u043d\u0430\u0446\u0435\u043b\u0438\u0432\u0430\u0442\u044c\u0441\u044f \u043d\u0430 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u043b\u0438\u0446 \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u0430 \u0440\u0430\u0437\u0432\u0435\u0434\u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u0412 2022 \u0433\u043e\u0434\u0443 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u00a00-day \u0432 Internet Explorer\u00a0\u0438 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u043b\u0430 \u0448\u0438\u0440\u043e\u043a\u0438\u0439 \u0441\u043f\u0435\u043a\u0442\u0440 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u041f\u041e \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u0438 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u043b\u0438\u0446.\n\n\u0415\u0441\u043b\u0438 \u0415\u0421 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043b\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043d\u043e\u0432\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u043e\u0433\u043e \u0431\u044d\u043a\u0434\u043e\u0440\u0430\u00a0Dolphin, \u0440\u0430\u0437\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 RAT Konni, \u0442\u043e \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u0438\u0445 \u0436\u0443\u0440\u043d\u0430\u043b\u0438\u0441\u0442\u043e\u0432 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0441\u044f Goldbackdoor.\n\n\u041d\u043e\u0432\u043e\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0440\u0430\u0437\u0434\u0435\u043b \u043e\u0431\u0449\u0435\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 \u0434\u043b\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 \u043a\u0440\u0430\u0436\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0441 Windows \u0438 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043e\u0432, \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043d\u0435 \u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u043b\u0435\u0434\u043e\u0432 \u043d\u0430 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435. \n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u044b\u0435 ASEC \u0430\u0442\u0430\u043a\u0438 \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0432 \u044f\u043d\u0432\u0430\u0440\u0435 2023 \u0433\u043e\u0434\u0430 \u0441 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0446\u0435\u043b\u044f\u043c \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0445 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0445 \u043f\u0438\u0441\u0435\u043c, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u0435, \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0441\u0442\u0430\u0440\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 EPS (CVE-2017-8291) \u0432 \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0435 Hangul, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u043c \u043f\u043e\u0432\u0441\u0435\u043c\u0435\u0441\u0442\u043d\u043e \u0432 \u042e\u0436\u043d\u043e\u0439 \u041a\u043e\u0440\u0435\u0435.\n\n\u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442 \u0437\u0430\u043f\u0443\u0441\u043a \u0448\u0435\u043b\u043b-\u043a\u043e\u0434\u0430 \u043d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0435 \u0436\u0435\u0440\u0442\u0432\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e, \u0445\u0440\u0430\u043d\u044f\u0449\u0435\u0435\u0441\u044f \u0432 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0438 JPEG.\n\n\u0424\u0430\u0439\u043b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0441\u0442\u0435\u0433\u0430\u043d\u043e\u0433\u0440\u0430\u0444\u0438\u044e, \u0441\u043a\u0440\u044b\u0432\u0430\u044f \u043a\u043e\u0434 \u0432\u043d\u0443\u0442\u0440\u0438, \u0447\u0442\u043e\u0431\u044b \u043d\u0435\u0437\u0430\u043c\u0435\u0442\u043d\u043e \u0432\u0432\u0435\u0441\u0442\u0438 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0439 \u0444\u0430\u0439\u043b M2RAT (lskdjfei.exe) \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0438 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0432 explorer.exe.\n\n\u0414\u043b\u044f \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u0442 \u043d\u043e\u0432\u043e\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 (RyPO) \u0432 \u043a\u043b\u044e\u0447 \u0440\u0435\u0435\u0441\u0442\u0440\u0430 \u00ab\u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c\u00bb \u0441 \u043a\u043e\u043c\u0430\u043d\u0434\u0430\u043c\u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f PowerShell \u0447\u0435\u0440\u0435\u0437 cmd.exe.\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f \u0440\u0430\u043d\u0435\u0435 \u043f\u043e\u043f\u0430\u0434\u0430\u043b\u0430 \u0432 \u043f\u043e\u043b\u0435 \u0437\u0440\u0435\u043d\u0438\u044f \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0438 \u0444\u0438\u0433\u0443\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0432 \u043e\u0442\u0447\u0435\u0442\u0435 \u0432 2021 \u0433\u043e\u0434\u0443.\n\n\u0411\u044d\u043a\u0434\u043e\u0440 M2RAT \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 \u043a\u0430\u043a \u043e\u0431\u044b\u0447\u043d\u044b\u0439 RAT, \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u044f \u043a\u0435\u0439\u043b\u043e\u0433\u0438\u043d\u0433, \u043a\u0440\u0430\u0436\u0443 \u0434\u0430\u043d\u043d\u044b\u0445, \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u0441\u043a\u0440\u0438\u043d\u0448\u043e\u0442\u043e\u0432 \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u0441\u0442\u043e\u043b\u0430 (\u043f\u0440\u0438\u0447\u0435\u043c \u044d\u0442\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043f\u0435\u0440\u0438\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u0438 \u0438 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0430\u0432\u0442\u043e\u043d\u043e\u043c\u043d\u043e).\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430 \u0441\u043e\u0431\u0438\u0440\u0430\u044e\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0441 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u0430 \u0437\u0430\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u0435\u0435 \u043d\u0430 C2.\n\n\u041e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u0435\u043d \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u041f\u041e, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0440\u0442\u0430\u0442\u0438\u0432\u043d\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0435 \u043a \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0443 \u0441 Windows, \u0432 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u0441\u043c\u0430\u0440\u0442\u0444\u043e\u043d\u044b \u0438\u043b\u0438 \u043f\u043b\u0430\u043d\u0448\u0435\u0442\u044b.\n\n\u041f\u0440\u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0438 M2RAT \u0441\u043a\u0430\u043d\u0438\u0440\u0443\u0435\u0442 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0433\u043e\u043b\u043e\u0441\u0430 \u0438, \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f, \u0441\u043a\u043e\u043f\u0438\u0440\u0443\u0435\u0442 \u0438\u0445 \u043d\u0430 \u041f\u041a \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u043d\u0430 C2.\n\n\u041f\u0435\u0440\u0435\u0434 \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0435\u0439 \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0441\u0436\u0438\u043c\u0430\u044e\u0442\u0441\u044f \u0432 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u0439 \u043f\u0430\u0440\u043e\u043b\u0435\u043c RAR-\u0430\u0440\u0445\u0438\u0432, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0430\u044f \u043a\u043e\u043f\u0438\u044f \u0441\u0442\u0438\u0440\u0430\u0435\u0442\u0441\u044f \u0438\u0437 \u043f\u0430\u043c\u044f\u0442\u0438.\n\n\u0414\u0440\u0443\u0433\u0430\u044f \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u044c M2RAT \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043e\u043d \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0441\u0435\u043a\u0446\u0438\u044e \u043e\u0431\u0449\u0435\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f, \u043a\u0440\u0430\u0436\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u043f\u0440\u044f\u043c\u043e\u0439 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 C2 \u0431\u0435\u0437 \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0438\u0445 \u0432 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435. \u0412\u0441\u0435 \u044d\u0442\u043e \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0443\u0441\u043b\u043e\u0436\u043d\u044f\u0435\u0442 \u0430\u043d\u0430\u043b\u0438\u0437.\n\n\u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, APT37 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0441\u0432\u043e\u0439 \u043d\u0430\u0431\u043e\u0440 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u043e\u0442\u0434\u0430\u0432\u0430\u044f \u043f\u0440\u0435\u0434\u043f\u043e\u0447\u0442\u0435\u043d\u0438\u0435 \u0441\u043b\u043e\u0436\u043d\u043e \u043e\u0442\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u043c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u043c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\u043c.", "creation_timestamp": "2023-02-16T00:40:20.000000Z"}, {"uuid": "d85a183b-de8e-4d81-9afb-20b95e2ea6aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "exploited", "source": "https://t.me/arpsyndicate/1613", "content": "%23ExploitObserverAlert\n\nCVE-2017-8291\n\nDESCRIPTION: Exploit Observer has 21 entries related to CVE-2017-8291. Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile (%pipe%\" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.\n\nFIRST-EPSS: 0.254590000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-10T12:09:35.000000Z"}, {"uuid": "5e4921ae-dac3-43b2-afcd-6edd8374a2b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-8291", "type": "exploited", "source": "https://t.me/true_secator/4067", "content": "\u0412 \u043d\u043e\u0432\u043e\u043c \u043e\u0442\u0447\u0435\u0442\u0435\u00a0\u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 AhnLab Security (ASEC) \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043e \u043d\u043e\u0432\u043e\u043c \u0448\u0442\u0430\u043c\u043c\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c M2RAT \u0438 \u0441\u0442\u0435\u0433\u0430\u043d\u043e\u0433\u0440\u0430\u0444\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0442\u0435\u043f\u0435\u0440\u044c \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0442\u0441\u044f \u0441\u0435\u0432\u0435\u0440\u043e\u043a\u043e\u0440\u0435\u0439\u0441\u043a\u043e\u0439 APT37 (RedEyes \u0438\u043b\u0438 ScarCruft), \u0447\u0442\u043e\u0431\u044b \u043d\u0430\u0446\u0435\u043b\u0438\u0432\u0430\u0442\u044c\u0441\u044f \u043d\u0430 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u043b\u0438\u0446 \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u0430 \u0440\u0430\u0437\u0432\u0435\u0434\u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u0412 2022 \u0433\u043e\u0434\u0443 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u00a00-day \u0432 Internet Explorer\u00a0\u0438 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u043b\u0430 \u0448\u0438\u0440\u043e\u043a\u0438\u0439 \u0441\u043f\u0435\u043a\u0442\u0440 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u041f\u041e \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u0438 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u043b\u0438\u0446.\n\n\u0415\u0441\u043b\u0438 \u0415\u0421 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043b\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043d\u043e\u0432\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u043e\u0433\u043e \u0431\u044d\u043a\u0434\u043e\u0440\u0430\u00a0Dolphin, \u0440\u0430\u0437\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 RAT Konni, \u0442\u043e \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u0438\u0445 \u0436\u0443\u0440\u043d\u0430\u043b\u0438\u0441\u0442\u043e\u0432 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0441\u044f Goldbackdoor.\n\n\u041d\u043e\u0432\u043e\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0440\u0430\u0437\u0434\u0435\u043b \u043e\u0431\u0449\u0435\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 \u0434\u043b\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 \u043a\u0440\u0430\u0436\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0441 Windows \u0438 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043e\u0432, \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043d\u0435 \u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u043b\u0435\u0434\u043e\u0432 \u043d\u0430 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435. \n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u044b\u0435 ASEC \u0430\u0442\u0430\u043a\u0438 \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0432 \u044f\u043d\u0432\u0430\u0440\u0435 2023 \u0433\u043e\u0434\u0430 \u0441 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0446\u0435\u043b\u044f\u043c \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0445 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u044b\u0445 \u043f\u0438\u0441\u0435\u043c, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u0435, \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0441\u0442\u0430\u0440\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 EPS (CVE-2017-8291) \u0432 \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0435 Hangul, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u043c \u043f\u043e\u0432\u0441\u0435\u043c\u0435\u0441\u0442\u043d\u043e \u0432 \u042e\u0436\u043d\u043e\u0439 \u041a\u043e\u0440\u0435\u0435.\n\n\u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442 \u0437\u0430\u043f\u0443\u0441\u043a \u0448\u0435\u043b\u043b-\u043a\u043e\u0434\u0430 \u043d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0435 \u0436\u0435\u0440\u0442\u0432\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e, \u0445\u0440\u0430\u043d\u044f\u0449\u0435\u0435\u0441\u044f \u0432 \u0438\u0437\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u0438 JPEG.\n\n\u0424\u0430\u0439\u043b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0441\u0442\u0435\u0433\u0430\u043d\u043e\u0433\u0440\u0430\u0444\u0438\u044e, \u0441\u043a\u0440\u044b\u0432\u0430\u044f \u043a\u043e\u0434 \u0432\u043d\u0443\u0442\u0440\u0438, \u0447\u0442\u043e\u0431\u044b \u043d\u0435\u0437\u0430\u043c\u0435\u0442\u043d\u043e \u0432\u0432\u0435\u0441\u0442\u0438 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0439 \u0444\u0430\u0439\u043b M2RAT (lskdjfei.exe) \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0438 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u0432 explorer.exe.\n\n\u0414\u043b\u044f \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u0442 \u043d\u043e\u0432\u043e\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 (RyPO) \u0432 \u043a\u043b\u044e\u0447 \u0440\u0435\u0435\u0441\u0442\u0440\u0430 \u00ab\u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c\u00bb \u0441 \u043a\u043e\u043c\u0430\u043d\u0434\u0430\u043c\u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f PowerShell \u0447\u0435\u0440\u0435\u0437 cmd.exe.\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f \u0440\u0430\u043d\u0435\u0435 \u043f\u043e\u043f\u0430\u0434\u0430\u043b\u0430 \u0432 \u043f\u043e\u043b\u0435 \u0437\u0440\u0435\u043d\u0438\u044f \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0438 \u0444\u0438\u0433\u0443\u0440\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0432 \u043e\u0442\u0447\u0435\u0442\u0435 \u0432 2021 \u0433\u043e\u0434\u0443.\n\n\u0411\u044d\u043a\u0434\u043e\u0440 M2RAT \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 \u043a\u0430\u043a \u043e\u0431\u044b\u0447\u043d\u044b\u0439 RAT, \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u044f \u043a\u0435\u0439\u043b\u043e\u0433\u0438\u043d\u0433, \u043a\u0440\u0430\u0436\u0443 \u0434\u0430\u043d\u043d\u044b\u0445, \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u0441\u043a\u0440\u0438\u043d\u0448\u043e\u0442\u043e\u0432 \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u0441\u0442\u043e\u043b\u0430 (\u043f\u0440\u0438\u0447\u0435\u043c \u044d\u0442\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043f\u0435\u0440\u0438\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u0438 \u0438 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0430\u0432\u0442\u043e\u043d\u043e\u043c\u043d\u043e).\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430 \u0441\u043e\u0431\u0438\u0440\u0430\u044e\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0441 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u0430 \u0437\u0430\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u0435\u0435 \u043d\u0430 C2.\n\n\u041e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u0435\u043d \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u041f\u041e, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0440\u0442\u0430\u0442\u0438\u0432\u043d\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u0435 \u043a \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0443 \u0441 Windows, \u0432 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u0441\u043c\u0430\u0440\u0442\u0444\u043e\u043d\u044b \u0438\u043b\u0438 \u043f\u043b\u0430\u043d\u0448\u0435\u0442\u044b.\n\n\u041f\u0440\u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0438 M2RAT \u0441\u043a\u0430\u043d\u0438\u0440\u0443\u0435\u0442 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u043d\u0430 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0433\u043e\u043b\u043e\u0441\u0430 \u0438, \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f, \u0441\u043a\u043e\u043f\u0438\u0440\u0443\u0435\u0442 \u0438\u0445 \u043d\u0430 \u041f\u041a \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u043d\u0430 C2.\n\n\u041f\u0435\u0440\u0435\u0434 \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0435\u0439 \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0441\u0436\u0438\u043c\u0430\u044e\u0442\u0441\u044f \u0432 \u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u0439 \u043f\u0430\u0440\u043e\u043b\u0435\u043c RAR-\u0430\u0440\u0445\u0438\u0432, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0430\u044f \u043a\u043e\u043f\u0438\u044f \u0441\u0442\u0438\u0440\u0430\u0435\u0442\u0441\u044f \u0438\u0437 \u043f\u0430\u043c\u044f\u0442\u0438.\n\n\u0414\u0440\u0443\u0433\u0430\u044f \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u044c M2RAT \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043e\u043d \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0441\u0435\u043a\u0446\u0438\u044e \u043e\u0431\u0449\u0435\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f, \u043a\u0440\u0430\u0436\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u043f\u0440\u044f\u043c\u043e\u0439 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0443\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u043d\u0430 C2 \u0431\u0435\u0437 \u0441\u043e\u0445\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0438\u0445 \u0432 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435. \u0412\u0441\u0435 \u044d\u0442\u043e \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0443\u0441\u043b\u043e\u0436\u043d\u044f\u0435\u0442 \u0430\u043d\u0430\u043b\u0438\u0437.\n\n\u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, APT37 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0441\u0432\u043e\u0439 \u043d\u0430\u0431\u043e\u0440 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u043e\u0442\u0434\u0430\u0432\u0430\u044f \u043f\u0440\u0435\u0434\u043f\u043e\u0447\u0442\u0435\u043d\u0438\u0435 \u0441\u043b\u043e\u0436\u043d\u043e \u043e\u0442\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u043c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u043c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\u043c.", "creation_timestamp": "2023-02-15T10:29:27.000000Z"}]}