decalage2
commented
9 months ago Resources to be checked:
- https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/
- https://www.trellix.com/en-us/about/newsroom/stories/research/breaking-down-cve-2023-36884-and-the-infection-chain.html
Samples:
- Overview_of_UWCs_UkraineInNATO_campaign.docx [2400b169ee2c38ac146c67408debc9b4fa4fca5f]: https://app.any.run/tasks/e9c2f1a4-df46-4c5d-ada0-1afe2884b856/
- Letter_NATO_Summit_Vilnius_2023_ENG (1).docx [3de83c6298a7dc6312c352d4984be8e1cb698476]: https://app.any.run/tasks/bcaebc71-511b-4a27-8c51-99285acdac71/
Is your feature request related to a problem? Please describe. CVE-2023-36884 seems to be a RCE opportunity in office files
Describe the solution you'd like Find the documents that exploit this vulnerability
Describe alternatives you've considered Blocking all office documents.