CVE-2018-5002

Forum for completed malware requests.
waffles2.0
Posts: 28
Joined: Mon Aug 01, 2016 9:49 am

CVE-2018-5002

Post by waffles2.0 » Tue Jun 12, 2018 8:46 am

In this blog post by Qihoo 360 they document CVE-2018-5002: http://blogs.360.cn/blog/cve-2018-5002-en/

It seems like they are the only people who have reversed it. Unfortunately, they have decided to hide a section of the MD5s:

***salary.xlsx - MD5: ******517277fb0dbb4bbf724245e663
malicious SWF (Shock Wave File) file - MD5: ******66491a5c5cd7423849f32b58f5
decrypted SWF - md5: ******e78116bebfa1780736d343c9eb

Has anyone found more information or has access to the decrypted Shockwave file that contains the exploit?
Thanks.

maddog4012
Posts: 67
Joined: Mon Aug 04, 2014 6:53 pm

Re: CVE-2018-5002

Post by maddog4012 » Tue Jun 12, 2018 1:30 pm

Here is the XLS. This also has some additional dropped files collected from the sandbox.

waffles2.0
Posts: 28
Joined: Mon Aug 01, 2016 9:49 am

Re: CVE-2018-5002

Post by waffles2.0 » Thu Jun 14, 2018 7:47 am

Thanks maddog! It's too bad the C2 server is down now so we can't get the SWF files.

xors
Posts: 148
Joined: Mon May 23, 2016 2:01 am

Re: CVE-2018-5002

Post by xors » Thu Jun 14, 2018 9:42 am

swf
@xorsthingsv2
