http://contagiodump.blogspot.tw/
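A little plug for her.
Recently Mila contributed a pack of CVE-2012-0158 samples. We quickly scanned these 90 samples with XecScan ( http://scan.xecure-lab.com ), our professional APT malicious document analysis engine, and all of the samples in this pack were accurately detected by us, 100% :)
However, I found that 3 of the files are not CVE-2012-0158 but CVE-2010-3333.
So it should be 87 files that are CVE-2012-0158,
and the following three are CVE-2010-3333: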
125b8babb6ee4442efc75a5688c6bb5d0c71f8a685bcdff6b4043f3a829e65eb_Oded - Working.rtf
abbd1fa4dde11b94360338de8b5a2af7b09c6149ce1633797da825d5843cea7f_Criteria.doc
ec8b9c68872257cec2552ac727348c09314658d9497085f8a19f58004476c9b8_info.doc
In summary, thanks to Mila for sharing the samples, as always. We quickly dumped the 90 samples into our XecScan, and all were detected. Yummy~ While 87 are identified as CVE-2012-0158, 3 samples are actually using CVE-2010-3333. We list those three above.