RTF variant of CVE-2017-8759 - From Exploit to Payload

Forum for analysis and discussion about malware.
explo1t
Posts: 3
Joined: Sat Sep 23, 2017 4:10 am

Post by explo1t » Sat Sep 23, 2017 4:12 am

An interesting writeup on an RTF variant of a document exploiting CVE-2017-8759. It shows the different steps of analysis, from basic analysis of the exploit file to the payload.

http://www.pwncode.club/2017/09/rtf-bas ... -8759.html

The final stage of the payload is fetched from: www.thyssenkrupp-marinesystems.org. Is it a legitimate and compromised site?
