An interesting writeup on an RTF variant of Document exploiting CVE-2017-8759. It shows different steps of analysis from basic analysis of the Exploit File to payload.
http://www.pwncode.club/2017/09/rtf-bas ... -8759.html
The final stage of the payload is fetched from: www.thyssenkrupp-marinesystems.org. Is it a legitimate and compromised site?
Forum for analysis and discussion about malware.
1 post • Page 1 of 1