Flash 0day Exploit Sample Download (CVE-2018-15982)
CVE-2018-15982 is assigned to an arbitrary code execution. Yet another Adobe Flash 0day exploit. The malicious hackers are using infected documents, particularly Microsoft Word ones. They are packed inside a RAR archive along with a JPG photo. As soon as the archives are opened upon launching of the Microsoft Word document the built-in Flash scripts will extract a malware payload from the photo.
This tactic is being maintained in order to avoid detection by most security software that directly scan for executable malware files. This approach also shows that advanced phishing tactics have been used in spreading the payload carriers. It is very possible that this attack scenario is based on research and careful planning. CVE-2018-15982 executed in via Microsoft Office Word Document.
This tactic is being maintained in order to avoid detection by most security software that directly scan for executable malware files. This approach also shows that advanced phishing tactics have been used in spreading the payload carriers. It is very possible that this attack scenario is based on research and careful planning. CVE-2018-15982 executed in via Microsoft Office Word Document.
Word Document Signatures
Family: Exploit:SWF/Pukabans.A MD5: 9c65fa48d29e8a0eb1ad80b10b3d9603 SHA256: f9c093f408a2c0c66116bb47f466a01fea73b06751962fb89b7c88be123b6a78
Word Document Download
CVE-2018-15982 SWF PoC Signatures
Family: Exploit:SWF/Pukabans.B MD5: 82fe94beb621a4368e76aa4a51998c00 SHA256: c61dd1b37cbf2d72e3670e3c8dff28959683e6d85b8507cda25efe1dffc04bdb
CVE-2018-15982 SWF PoC Download
Dropped RAT Signatures
Family: Trojan:Win32/Ikebans.A MD5: 7d92dd6e2bff590437dad2cfa221d976 SHA256: c2a827cd8aefa54fb2f91b0f767292d94f5ef7dde9c29090e6be21d34efd1449
Dropped RAT Download
Click to Load Comments
