#CVE-2017-0199
An interesting example, using Vietnam's YSEALI College as bait. The exploit link is github.com/efimovah/abcd/…; the link contains multiple pieces of obfuscated malware.
Hash
A33AF82EBA873349ABB1CDE3BBD2D7F6
8691B36952F9B5842A9A26D391F70D88
When the document is closed, a back door is written to the registry.
And the backdoor can update itself.
Finally, the command executed is whoami😂😂😂