CVE-2018-5002 - KernelMode.info

CVE-2018-5002

4 posts

4 posts

CVE-2018-5002

#31645 by waffles2.0
Tue Jun 12, 2018 8:46 am

In this blog post by Qihoo 360 they document CVE-2018-5002: http://blogs.360.cn/blog/cve-2018-5002-en/

It seems like they are the only people who have reversed it, unfortunately they have decided to hide a section of the MD5s

***salary.xlsx - MD5: ******517277fb0dbb4bbf724245e663
malicious SWF (Shock Wave File) file - MD5: ******66491a5c5cd7423849f32b58f5
decrypted SWF - md5: ******e78116bebfa1780736d343c9eb

Has anyone found more information or has access to the decrypted Shockwave file that contains the exploit?
Thanks.

Username

waffles2.0

Posts

28

Joined

Mon Aug 01, 2016 9:49 am

Re: CVE-2018-5002

#31646 by maddog4012
Tue Jun 12, 2018 1:30 pm

here is the XLS this also has some additional dropped files files collected from the sandbox

Attachments

basic_salary.xlsx.zip

PW virus
(228.68 KiB) Downloaded 22 times

Username

maddog4012

Posts

82

Joined

Mon Aug 04, 2014 6:53 pm

Re: CVE-2018-5002

#31671 by waffles2.0
Thu Jun 14, 2018 7:47 am

Thanks maddog! It's too bad the C2 server is down now so we can't get the SWF files.

Username

waffles2.0

Posts

28

Joined

Mon Aug 01, 2016 9:49 am

Re: CVE-2018-5002

#31672 by xors
Thu Jun 14, 2018 9:42 am

swf

Attachments

(25.88 KiB) Downloaded 17 times

@xorsthingsv2

Username

xors

Posts

165

Joined

Mon May 23, 2016 2:01 am

Page 1 of 1
4 posts

Return to “Completed Malware Requests”

Display:

Sort by:

Sort by:

Jump to: