{"vulnerability": "cve-2024-7263", "sightings": [{"uuid": "32e3a365-0203-48bc-8ce7-4ef6ae99c8b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7263", "type": "seen", "source": "MISP/e80be295-5105-44a2-8f35-73504e1a64bb", "content": "", "creation_timestamp": "2024-08-29T19:06:58.000000Z"}, {"uuid": "27e81682-6a16-408a-a3ca-c0d50d8219eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7263", "type": "seen", "source": "https://bsky.app/profile/esetresearch.bsky.social/post/3lnv6r6buzs2r", "content": "", "creation_timestamp": "2025-04-28T16:29:04.030784Z"}, {"uuid": "cde11dac-b68f-43d0-b778-76b002daae15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7263", "type": "seen", "source": "https://bsky.app/profile/esetresearch.bsky.social/post/3lnv6rbfz522r", "content": "", "creation_timestamp": "2025-04-28T16:29:04.996293Z"}, {"uuid": "9016b4ed-69d3-4088-9477-25dc44e1997c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7263", "type": "seen", "source": "https://bsky.app/profile/esetresearch.bsky.social/post/3lnv6rbg24c2r", "content": "", "creation_timestamp": "2025-04-28T16:29:06.195330Z"}, {"uuid": "85736536-8ceb-40bb-8372-637076dd5e49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7263", "type": "seen", "source": "https://bsky.app/profile/esetresearch.bsky.social/post/3lnv6rbg33k2r", "content": "", "creation_timestamp": "2025-04-28T16:29:07.237309Z"}, {"uuid": "7edb5486-954f-4f87-9371-aede25e3f26b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7263", "type": "seen", "source": "https://t.me/cvedetector/3244", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-7263 - Kingsoft WPS Office DLL Hijacking\", \n  \"Content\": \"CVE ID : CVE-2024-7263 \nPublished : Aug. 15, 2024, 3:15 p.m. | 22\u00a0minutes ago \nDescription : Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.13489 on Windows allows an attacker to load an arbitrary Windows library.  \nThe patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough. Another hyperlink parameter was not properly sanitized which leads to the execution of an arbitrary Windows library. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-15T17:38:17.000000Z"}, {"uuid": "82774043-54d3-41ce-9b7d-8cd2ddb4dbec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7263", "type": "published-proof-of-concept", "source": "https://t.me/InfoSecInsider/23702", "content": "Tools - Hackers Factory \n\nThe tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere, ANY IP, ANY PORT and ANY APPLICATION.\n\nhttps://github.com/keywa7/keywa7\n\nA tool that allows you to search for vulnerable android devices across the world and exploit them.\n\nhttps://github.com/0x1CA3/AdbNet\n\nAndroid malware source code dataset collected from public resources.\n\nhttps://github.com/d-Raco/android-malware-source-code-samples\n\nNext-Level Reversing: Binary Ninja+TTD\n\nhttps://seeinglogic.com/posts/binary-ninja-ttd-intro/\n\n#Exploit\n\n1. 
CVE-2024-36974:\nLinux Kernel taprio_parse_mqprio_opt injection\n\nhttps://ssd-disclosure.com/ssd-advisory-linux-kernel-taprio-oob\n\n2. CVE-2024-5274:\nType Confusion in V8 in Google Chrome\n\nhttps://github.com/mistymntncop/CVE-2024-5274\n\n#Threat_Research\n\n1. Analyse MSI files for vulnerabilities\n\nhttps://github.com/CICADA8-Research/MyMSIAnalyzer\n\n2. Analysis of two arbitrary code execution vulnerabilities affecting WPS Office (CVE-2024-7262/CVE-2024-7263)\n\nhttps://welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office\n\nDiscover Ashok, an OSINT reconnaissance tool with features like Wayback Machine crawling, unlimited Google Dorking, GitHub info grabber, subdomain finder and CMS/tech detection!\n\nhttps://github.com/powerexploit/Ashok\n\nBest list of top xss Polyglots to Bypass WAF's\n\nhttps://github.com/coffinsp/lostools/blob/coffin/xsspollygots.txt\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-08T06:29:06.000000Z"}, {"uuid": "4763c126-09cc-414d-876f-b8d042452902", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7263", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/830", "content": "Tools - Hackers Factory \n\nThe tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere, ANY IP, ANY PORT and ANY APPLICATION.\n\nhttps://github.com/keywa7/keywa7\n\nA tool that allows you to search for vulnerable android devices across the world and exploit them.\n\nhttps://github.com/0x1CA3/AdbNet\n\nAndroid malware source code dataset collected from public resources.\n\nhttps://github.com/d-Raco/android-malware-source-code-samples\n\nNext-Level Reversing: Binary Ninja+TTD\n\nhttps://seeinglogic.com/posts/binary-ninja-ttd-intro/\n\n#Exploit\n\n1. 
CVE-2024-36974:\nLinux Kernel taprio_parse_mqprio_opt injection\n\nhttps://ssd-disclosure.com/ssd-advisory-linux-kernel-taprio-oob\n\n2. CVE-2024-5274:\nType Confusion in V8 in Google Chrome\n\nhttps://github.com/mistymntncop/CVE-2024-5274\n\n#Threat_Research\n\n1. Analyse MSI files for vulnerabilities\n\nhttps://github.com/CICADA8-Research/MyMSIAnalyzer\n\n2. Analysis of two arbitrary code execution vulnerabilities affecting WPS Office (CVE-2024-7262/CVE-2024-7263)\n\nhttps://welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office\n\nDiscover Ashok, an OSINT reconnaissance tool with features like Wayback Machine crawling, unlimited Google Dorking, GitHub info grabber, subdomain finder and CMS/tech detection!\n\nhttps://github.com/powerexploit/Ashok\n\nBest list of top xss Polyglots to Bypass WAF's\n\nhttps://github.com/coffinsp/lostools/blob/coffin/xsspollygots.txt\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-08T06:28:37.000000Z"}, {"uuid": "936677fc-8285-426d-8a67-ca69e6775678", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7263", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8721", "content": "Tools - Hackers Factory \n\nThe tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere, ANY IP, ANY PORT and ANY APPLICATION.\n\nhttps://github.com/keywa7/keywa7\n\nA tool that allows you to search for vulnerable android devices across the world and exploit them.\n\nhttps://github.com/0x1CA3/AdbNet\n\nAndroid malware source code dataset collected from public resources.\n\nhttps://github.com/d-Raco/android-malware-source-code-samples\n\nNext-Level Reversing: Binary Ninja+TTD\n\nhttps://seeinglogic.com/posts/binary-ninja-ttd-intro/\n\n#Exploit\n\n1. 
CVE-2024-36974:\nLinux Kernel taprio_parse_mqprio_opt injection\n\nhttps://ssd-disclosure.com/ssd-advisory-linux-kernel-taprio-oob\n\n2. CVE-2024-5274:\nType Confusion in V8 in Google Chrome\n\nhttps://github.com/mistymntncop/CVE-2024-5274\n\n#Threat_Research\n\n1. Analyse MSI files for vulnerabilities\n\nhttps://github.com/CICADA8-Research/MyMSIAnalyzer\n\n2. Analysis of two arbitrary code execution vulnerabilities affecting WPS Office (CVE-2024-7262/CVE-2024-7263)\n\nhttps://welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office\n\nDiscover Ashok, an OSINT reconnaissance tool with features like Wayback Machine crawling, unlimited Google Dorking, GitHub info grabber, subdomain finder and CMS/tech detection!\n\nhttps://github.com/powerexploit/Ashok\n\nBest list of top xss Polyglots to Bypass WAF's\n\nhttps://github.com/coffinsp/lostools/blob/coffin/xsspollygots.txt\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-08T06:28:55.000000Z"}, {"uuid": "05554206-a55a-4b29-8696-67c10748a84e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7263", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3714", "content": "Tools - Hackers Factory \n\nThe tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere, ANY IP, ANY PORT and ANY APPLICATION.\n\nhttps://github.com/keywa7/keywa7\n\nA tool that allows you to search for vulnerable android devices across the world and exploit them.\n\nhttps://github.com/0x1CA3/AdbNet\n\nAndroid malware source code dataset collected from public resources.\n\nhttps://github.com/d-Raco/android-malware-source-code-samples\n\nNext-Level Reversing: Binary Ninja+TTD\n\nhttps://seeinglogic.com/posts/binary-ninja-ttd-intro/\n\n#Exploit\n\n1. 
CVE-2024-36974:\nLinux Kernel taprio_parse_mqprio_opt injection\n\nhttps://ssd-disclosure.com/ssd-advisory-linux-kernel-taprio-oob\n\n2. CVE-2024-5274:\nType Confusion in V8 in Google Chrome\n\nhttps://github.com/mistymntncop/CVE-2024-5274\n\n#Threat_Research\n\n1. Analyse MSI files for vulnerabilities\n\nhttps://github.com/CICADA8-Research/MyMSIAnalyzer\n\n2. Analysis of two arbitrary code execution vulnerabilities affecting WPS Office (CVE-2024-7262/CVE-2024-7263)\n\nhttps://welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office\n\nDiscover Ashok, an OSINT reconnaissance tool with features like Wayback Machine crawling, unlimited Google Dorking, GitHub info grabber, subdomain finder and CMS/tech detection!\n\nhttps://github.com/powerexploit/Ashok\n\nBest list of top xss Polyglots to Bypass WAF's\n\nhttps://github.com/coffinsp/lostools/blob/coffin/xsspollygots.txt\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-08T06:28:46.000000Z"}, {"uuid": "3170b3db-9fbb-40e7-9b49-23d665ff78e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7263", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7389", "content": "Tools - Hackers Factory \n\nThe tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere, ANY IP, ANY PORT and ANY APPLICATION.\n\nhttps://github.com/keywa7/keywa7\n\nA tool that allows you to search for vulnerable android devices across the world and exploit them.\n\nhttps://github.com/0x1CA3/AdbNet\n\nAndroid malware source code dataset collected from public resources.\n\nhttps://github.com/d-Raco/android-malware-source-code-samples\n\nNext-Level Reversing: Binary Ninja+TTD\n\nhttps://seeinglogic.com/posts/binary-ninja-ttd-intro/\n\n#Exploit\n\n1. 
CVE-2024-36974:\nLinux Kernel taprio_parse_mqprio_opt injection\n\nhttps://ssd-disclosure.com/ssd-advisory-linux-kernel-taprio-oob\n\n2. CVE-2024-5274:\nType Confusion in V8 in Google Chrome\n\nhttps://github.com/mistymntncop/CVE-2024-5274\n\n#Threat_Research\n\n1. Analyse MSI files for vulnerabilities\n\nhttps://github.com/CICADA8-Research/MyMSIAnalyzer\n\n2. Analysis of two arbitrary code execution vulnerabilities affecting WPS Office (CVE-2024-7262/CVE-2024-7263)\n\nhttps://welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office\n\nDiscover Ashok, an OSINT reconnaissance tool with features like Wayback Machine crawling, unlimited Google Dorking, GitHub info grabber, subdomain finder and CMS/tech detection!\n\nhttps://github.com/powerexploit/Ashok\n\nBest list of top xss Polyglots to Bypass WAF's\n\nhttps://github.com/coffinsp/lostools/blob/coffin/xsspollygots.txt\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-08T06:28:55.000000Z"}, {"uuid": "67f5b683-e0e1-404e-a8b9-c2a6925fd240", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7263", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/6154", "content": "Researchers at ESET report the discovery of a cyber-espionage campaign by the South Korean APT-C-60, which used a 0-day in WPS Office for Windows to 
deploy the SpyGlace backdoor on targets in East Asia.\n\nWPS Office is an office application suite developed by the Chinese firm Kingsoft, which is widely used in Asia and has more than 500 million active users worldwide.\n\nThe flaw, designated CVE-2024-7262, has been used in attacks since at least late February 2024, but affects only versions from 12.2.0.13110 (August 2023) through 12.1.0.16412 (March 2024).\n\nKingsoft, without any official notification, 
fixed the issue in March of this year, not telling customers that the vulnerability was being actively exploited; ESET, which discovered both the campaign and the vulnerability, did that instead.\n\nIn addition to CVE-2024-7262, ESET also found a second serious vulnerability, CVE-2024-7263, which Kingsoft fixed at the end of May 2024 in version 12.2.0.17119.\n\nCVE-2024-7262 is related to how the software handles custom protocol handlers, in particular \"ksoqing://\", which 
allows external applications to be executed through specially crafted URLs in documents.\n\nBecause of improper validation and sanitization of these URLs, the vulnerability allows attackers to create malicious hyperlinks that lead to arbitrary code execution.\n\nThus, APT-C-60 created spreadsheets (MHTML files) in which it embedded malicious hyperlinks hidden under 
a decoy image, to get the victim to click on them and trigger the exploit.\n\nThe processed URL parameters include a base64-encoded command to launch a specific plugin (promecefpluginhost.exe), which attempts to load a malicious DLL (ksojscore.dll) containing the attacker's code.\n\nThis DLL is APT-C-60's loader component, designed to retrieve the final 
payload (TaskControler.dll), a custom backdoor named SpyGlace, from the attacker's server.\n\nDuring the investigation of the APT-C-60 attacks, the second WPS Office vulnerability mentioned above was identified, which resulted from an insufficiently effective fix for CVE-2024-7262.\n\nThe original fix involved adding validation of certain parameters, some of which, for example CefPluginPathU8, were still not sufficiently 
protected, which again made it possible to specify paths to malicious DLLs through promecefpluginhost.exe.\n\nESET explains that this vulnerability can be exploited locally or through a network share hosting a malicious DLL, but exploitation in the wild was not observed.\n\nThe full list of IoCs related to APT-C-60 activity is in the repository on GitHub.", "creation_timestamp": "2024-08-30T18:20:05.000000Z"}, {"uuid": "f1dbc5db-d213-4c51-9922-3dd0c45d2e9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7263", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11060", "content": "#Threat_Research\n1. Analyse MSI files for vulnerabilities\nhttps://github.com/CICADA8-Research/MyMSIAnalyzer\n2. 
Analysis of two arbitrary code execution vulnerabilities affecting WPS Office (CVE-2024-7262/CVE-2024-7263)\nhttps://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office", "creation_timestamp": "2024-09-01T04:56:18.000000Z"}, {"uuid": "68709cb3-cf3c-46bc-884d-7b3ec5cdf780", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7263", "type": "exploited", "source": "https://t.me/thehackernews/5488", "content": "A South Korea-aligned cyber espionage group, APT-C-60, has exploited a critical flaw in Kingsoft WPS Office to deploy the SpyGlace backdoor. \n \nRead: https://thehackernews.com/2024/08/apt-c-60-group-exploit-wps-office-flaw.html \n \nEnsure your security teams are updated on CVE-2024-7262 and CVE-2024-7263.", "creation_timestamp": "2024-08-28T17:00:20.000000Z"}, {"uuid": "9a881549-09e3-4b77-a321-681e0227c3ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7263", "type": "seen", "source": "https://t.me/Rootsec_2/4319", "content": "#Threat_Research\n1. Analyse MSI files for vulnerabilities\nhttps://github.com/CICADA8-Research/MyMSIAnalyzer\n2. 
Analysis of two arbitrary code execution vulnerabilities affecting WPS Office (CVE-2024-7262/CVE-2024-7263)\nhttps://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office", "creation_timestamp": "2024-09-01T04:26:06.000000Z"}, {"uuid": "b77ddfec-f491-4b76-9d86-2110563ae262", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7263", "type": "seen", "source": "https://t.me/InfoSecInsider/223", "content": "Tools - Hackers Factory \n\nThe tool that bypasses the firewall's Application Based Rules and lets you connect to anywhere, ANY IP, ANY PORT and ANY APPLICATION.\n\nhttps://github.com/keywa7/keywa7\n\nA tool that allows you to search for vulnerable android devices across the world and exploit them.\n\nhttps://github.com/0x1CA3/AdbNet\n\nAndroid malware source code dataset collected from public resources.\n\nhttps://github.com/d-Raco/android-malware-source-code-samples\n\nNext-Level Reversing: Binary Ninja+TTD\n\nhttps://seeinglogic.com/posts/binary-ninja-ttd-intro/\n\n#Exploit\n\n1. CVE-2024-36974:\nLinux Kernel taprio_parse_mqprio_opt injection\n\nhttps://ssd-disclosure.com/ssd-advisory-linux-kernel-taprio-oob\n\n2. CVE-2024-5274:\nType Confusion in V8 in Google Chrome\n\nhttps://github.com/mistymntncop/CVE-2024-5274\n\n#Threat_Research\n\n1. Analyse MSI files for vulnerabilities\n\nhttps://github.com/CICADA8-Research/MyMSIAnalyzer\n\n2. 
Analysis of two arbitrary code execution vulnerabilities affecting WPS Office (CVE-2024-7262/CVE-2024-7263)\n\nhttps://welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office\n\nDiscover Ashok, an OSINT reconnaissance tool with features like Wayback Machine crawling, unlimited Google Dorking, GitHub info grabber, subdomain finder and CMS/tech detection!\n\nhttps://github.com/powerexploit/Ashok\n\nBest list of top xss Polyglots to Bypass WAF's\n\nhttps://github.com/coffinsp/lostools/blob/coffin/xsspollygots.txt\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-09-08T06:29:06.000000Z"}]}