Two attack groups examined through code characteristics (Hangul document vulnerabilities)
2019-11-18 • Ahnlab
AhnLab ASEC analyzed HWP malware using CVE-2017-8291 and found a recurring coding mistake in the shellcode preparation stage. The error affected a VirtualProtect call but did not prevent execution because the vulnerable Ghostscript processes had DEP disabled. ASEC notes that variants with and without the mistake may indicate two development groups or branches behind related HWP document malware.
Indicators of Compromise