Update analysis.md

StrangerealIntel 2019-11-12 11:51:33 +01:00 committed by GitHub
parent ccc0a393c7
commit c23543758a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -28,7 +28,7 @@
<p align="center">
<img src="https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/North%20Korea/APT/Lazarus/23-10-19/Analysis/HWP/Doc.PNG" >
</p>
<h6> This initial vector of the infection begins by a current exploit in HWP (CVE-2015-6585) to execute an EPS script, this download and execute the next stage of the infection.</h6>
<h6> This initial vector of the infection begins by a current exploit in HWP (CVE-2017-8291) allow a remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document.This download and execute the next stage of the infection.</h6>
<p align="center">
<img src="https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/North%20Korea/APT/Lazarus/23-10-19/Analysis/HWP/EPS.PNG">
</p>
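
Review bot: The replacement `<h6>` line swaps CVE-2015-6585 for CVE-2017-8291 but does not read as a sentence: "a current exploit in HWP (CVE-2017-8291) allow a remote command execution" has no word linking the two clauses, there is no space in "document.This", and "This download and execute" should be "This downloads and executes". Suggested wording: "The initial infection vector is an exploit in HWP (CVE-2017-8291) that allows remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document. It downloads and executes the next stage of the infection." Since the CVE identifier is the substantive change, the commit message "Update analysis.md" should say that the CVE attribution was corrected and why. Separately, the unchanged EPS.PNG `<img>` below the edited line points at a `github.com/.../blob/...` URL, unlike the `raw.githubusercontent.com` URL used for Doc.PNG above it; a blob URL serves an HTML page rather than the image, so it is worth fixing in the same change.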