From c23543758af7ff4657feec9d0f5befc839280462 Mon Sep 17 00:00:00 2001
From: StrangerealIntel <54320855+StrangerealIntel@users.noreply.github.com>
Date: Tue, 12 Nov 2019 11:51:33 +0100
Subject: [PATCH] Update analysis.md

---
 North Korea/APT/Lazarus/23-10-19/analysis.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/North Korea/APT/Lazarus/23-10-19/analysis.md b/North Korea/APT/Lazarus/23-10-19/analysis.md
index 58f66c2..c763088 100644
--- a/North Korea/APT/Lazarus/23-10-19/analysis.md	
+++ b/North Korea/APT/Lazarus/23-10-19/analysis.md	
@@ -28,7 +28,7 @@
 <p align="center">
   <img src="https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/North%20Korea/APT/Lazarus/23-10-19/Analysis/HWP/Doc.PNG" >
 </p>
-<h6> This initial vector of the infection begins by a current exploit in HWP (CVE-2015-6585) to execute an EPS script, this download and execute the next stage of the infection.</h6>
+<h6> This initial vector of the infection begins by a current exploit in HWP (CVE-2017-8291) allow a remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document.This download and execute the next stage of the infection.</h6>
 <p align="center">
   <img src="https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/North%20Korea/APT/Lazarus/23-10-19/Analysis/HWP/EPS.PNG">
 </p>