{"vulnerability": "CVE-2018-0802", "sightings": [{"uuid": "652156be-85a8-4994-83fc-91aa5983460e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/5b0d3b84-c848-45f3-84ba-3cd60a950b0c", "content": "", "creation_timestamp": "2018-05-29T12:11:33.000000Z"}, {"uuid": "2ed30697-2e0c-4e03-9ce7-3f258bf2e78b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/5b34c799-b130-4ab8-9501-43a10a950b0c", "content": "", "creation_timestamp": "2018-07-25T15:17:32.000000Z"}, {"uuid": "9942f3f1-0d9b-4147-9f56-76a71f105563", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/5ddcfb2c-6cec-45ec-b383-375b0a3b4631", "content": "", "creation_timestamp": "2020-06-01T16:28:49.000000Z"}, {"uuid": "999592ff-a0bb-4a0d-9978-7aafa960e013", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/5ab3b89e-7514-41b4-b842-402f02de0b81", "content": "", "creation_timestamp": "2018-03-22T14:09:48.000000Z"}, {"uuid": "09105558-9bc1-4879-9f46-699ec3c22999", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/5aba062a-8118-4885-afe0-469402de0b81", "content": "", "creation_timestamp": "2018-03-27T09:03:26.000000Z"}, {"uuid": "8b33721b-5299-44eb-b6ec-b856c9161f47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/5b768d19-6320-4b9a-b821-6aa2ac12042b", "content": "", "creation_timestamp": "2018-08-17T10:17:34.000000Z"}, {"uuid": "b9e4858e-ef2e-4741-aca7-0ccf2ef6726a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/5dd69dde-1794-49b3-bacb-4cec950d210f", "content": "", "creation_timestamp": "2019-11-29T15:31:52.000000Z"}, {"uuid": "f0267689-2462-44da-ae25-8ce3d93f3cf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/8106948a-f7c1-4454-b495-9889083755a5", "content": "", "creation_timestamp": "2020-11-01T17:05:24.000000Z"}, {"uuid": "6193b5a1-3c14-4359-8e23-3c3079e05049", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/8d66b598-8174-41d8-bb65-9daad2e5bf97", "content": "", "creation_timestamp": "2020-10-09T13:12:01.000000Z"}, {"uuid": "e538d215-edad-4445-918f-2e0ac22f4799", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "7c6524cc-0386-46e7-b8f0-7e81fdb77014", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/d07022ac-5b1b-4600-adc5-98731818a08d", "content": "", "creation_timestamp": "2020-10-09T13:17:53.000000Z"}, {"uuid": "cd066b8a-e643-4308-89ab-b861a4736de6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/6c533960-4b19-43bd-88d2-e3ff3bef6716", "content": "", "creation_timestamp": "2020-10-09T14:12:44.000000Z"}, {"uuid": "281d3c67-f5ab-4f37-9d2a-e5f623320818", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/0cbad1e3-4b6d-413f-a234-8939127e7112", "content": "", "creation_timestamp": "2020-10-09T13:51:49.000000Z"}, {"uuid": "f5520ea8-765e-4144-aff6-0ba5f15f2d40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:18.000000Z"}, {"uuid": "01d4f2d4-1611-4c37-bf2c-73f8963b27a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/9c86c324-2d28-4616-b4f6-21d24540dcb9", "content": "", "creation_timestamp": "2020-10-09T14:14:29.000000Z"}, {"uuid": "8d627609-c01a-4a6e-a50c-56c80b5cd3e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/045668fa-07bd-434f-9daf-8df514111a2a", "content": "", "creation_timestamp": "2020-10-09T15:47:48.000000Z"}, {"uuid": "0ed05a49-69d8-429d-94ec-e94983e7b7d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/7ea48e81-db85-4da4-9cc0-7a43192e04de", "content": "", "creation_timestamp": "2020-10-09T16:21:59.000000Z"}, {"uuid": "7f6d9a9e-db90-42b4-aba7-8580530d1d7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/1fa7ef9a-3160-4379-a3f7-4ac37e33e1f4", "content": "", "creation_timestamp": "2020-10-09T14:38:57.000000Z"}, {"uuid": "3873f8b5-0799-43f2-a25f-cba4587970e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/2a330185-520a-4481-b9f3-928cd6c2dc8d", "content": "", "creation_timestamp": "2020-10-09T16:07:50.000000Z"}, {"uuid": "cb4772d0-cba9-4fb0-ac14-d2c584a81a0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/e2f94d40-1ef8-488a-98f9-8d6261ee230e", "content": "", "creation_timestamp": "2020-10-09T16:28:21.000000Z"}, {"uuid": "ddd9bdfe-1343-4380-9a39-e0aabdcdbd1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/94c21f22-a02a-4aba-98f1-bcc7bc99ba68", "content": "", "creation_timestamp": "2020-10-09T15:10:12.000000Z"}, {"uuid": "c1a02927-c8e3-4e6d-af88-c91793a2d826", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/6ce53916-8a38-4b0d-84f1-9dd8979f5513", "content": "", "creation_timestamp": "2020-10-09T16:26:58.000000Z"}, {"uuid": "e013501b-26f2-4bba-b0e1-4e0603137aef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/3c5c6bf8-4c3d-48de-8eb3-49f0d290a01a", "content": "", "creation_timestamp": "2020-10-09T16:26:28.000000Z"}, {"uuid": "04bc229e-bcfe-45ac-a55b-7c9277266b1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/52f8db6b-7392-4e4f-8f59-f25b9f5e0377", "content": "", "creation_timestamp": "2020-11-04T03:00:05.000000Z"}, {"uuid": "ac1a3fff-6d96-451a-80b7-c72930137abc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/866f2e50-efe5-4d58-85c7-33bf3a52443c", "content": "", "creation_timestamp": "2023-03-23T08:35:22.000000Z"}, {"uuid": "442b8853-865f-4490-9252-7e87464a0ca3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/972bda22-4cb4-4cb6-954d-ce93e5ec7c67", "content": "", "creation_timestamp": "2022-06-03T07:23:25.000000Z"}, {"uuid": "b3e93f2a-306f-4d98-8537-97a7c909112d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/55996610-9a10-4b25-99ac-301a3667cf02", "content": "", "creation_timestamp": "2022-06-09T10:04:11.000000Z"}, {"uuid": "5ba20306-0be5-4e66-9c64-bc716ff79be6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/2acd7b8b-14ab-4995-bac6-d5e7b10edbfb", "content": "", "creation_timestamp": "2023-12-13T17:40:03.000000Z"}, {"uuid": "517f3e9f-40d8-4353-b9f4-6cebb59c0edd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://bsky.app/profile/cyberhexagone.fr/post/3ldz2uesqvs2v", "content": "", "creation_timestamp": "2024-12-23T23:17:55.160364Z"}, {"uuid": "1c2ebf81-1e6c-4ae4-824c-c31d64a49e33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971001", "content": "", "creation_timestamp": "2024-12-24T20:22:53.340086Z"}, {"uuid": "7a192309-cddf-4e7d-9593-324625e5f07f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971002", "content": "", "creation_timestamp": "2024-12-24T20:22:54.197415Z"}, {"uuid": "4188007a-3d8f-4fbf-96ec-370a7e219f3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lebx2nyzht2u", "content": "", "creation_timestamp": "2024-12-27T12:03:47.338307Z"}, {"uuid": "bb2f6c88-d0d0-4cd5-a00a-f4d80ab6a6ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://thehackernews.com/2024/12/cloud-atlas-deploys-vbcloud-malware.html", "content": "", "creation_timestamp": "2024-12-27T10:10:00.000000Z"}, {"uuid": "6c539845-2bda-4681-9321-98e794dd03d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-9d1c9d9f-675cdbc3d8f48478", "content": "", "creation_timestamp": "2025-03-01T00:19:16.312235Z"}, {"uuid": "db334db2-7d53-435b-8095-4cf3970ee905", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-50f1a5f6-768cfe71f5758dad", "content": "", "creation_timestamp": "2025-05-30T12:09:25.464496Z"}, {"uuid": "06e9a335-77f1-40a5-871c-8943ba4caac6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:40.000000Z"}, {"uuid": "c15eaf0e-d6f5-4a89-b0e6-145e8c8d15f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-5996e413-521accfb6cd2622e", "content": "", "creation_timestamp": "2025-08-27T14:01:54.713321Z"}, {"uuid": "7d781503-5582-497d-b0ff-36db44e72b23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-be4c6ae6-41d04d89fb236f71", "content": "", "creation_timestamp": "2025-08-30T10:23:38.892186Z"}, {"uuid": "597b5a73-c5cb-4a4d-a0f7-fb005c212fa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:02.000000Z"}, {"uuid": "8de8e921-ba1c-4ab3-af0a-94b2902fd6d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://gist.github.com/Darkcrai86/b95ad3c09e144b1374ba582c8572df1a", "content": "", "creation_timestamp": "2025-08-29T13:26:19.000000Z"}, {"uuid": "b6c96120-2380-402c-9441-e95d1d724f2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://gist.github.com/Darkcrai86/8e24c88946a42f8f80b0ea8fada3c6be", "content": "", "creation_timestamp": "2025-08-29T20:08:55.000000Z"}, {"uuid": "c92581b9-e5fa-444d-97e8-bc2692bb021e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-c39acbe0-91886c343547fcce", "content": "", "creation_timestamp": "2025-12-05T12:35:57.776639Z"}, {"uuid": "e2904294-5920-445d-8d7a-ae9552af6de3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-1fdfda19-2805a58255f192e9", "content": "", "creation_timestamp": "2026-03-06T10:29:25.675181Z"}, {"uuid": "8b51adfc-2766-4cbc-8831-a1fb22ebaa3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://bsky.app/profile/pvynckier.bsky.social/post/3mevh7ys7zc2m", "content": "", "creation_timestamp": "2026-02-15T11:39:59.740096Z"}, {"uuid": "5d7f245a-dfd0-4777-8ce5-da52d148cce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://infosec.exchange/users/technadu/statuses/116051420491972584", "content": "", "creation_timestamp": "2026-02-11T10:02:27.145803Z"}, {"uuid": "2d0edf4e-64b0-4f7a-b81b-5b869aee1dbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/116119971185192910", "content": "", "creation_timestamp": "2026-02-23T12:35:46.627570Z"}, {"uuid": "351def3c-aa75-4dfd-a99e-aa9a397f507f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://bsky.app/profile/e-kiledjian.bsky.social/post/3mfjo44ieus2f", "content": "", "creation_timestamp": "2026-02-23T12:36:14.806342Z"}, {"uuid": "0068f455-0916-47a2-aadd-e28a36e75b60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://threatintel.cc/2026/02/23/hackers-use-excel-exploit-to.html", "content": "", "creation_timestamp": "2026-02-23T11:35:54.000000Z"}, {"uuid": "313f7305-901c-4ba1-954d-487e0469d2f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-1881dd9d-ae5b04479c91c9fe", "content": "", "creation_timestamp": "2025-12-19T14:57:41.439352Z"}, {"uuid": "e355c808-330f-48f6-bdf4-6cdd773d8948", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2018-0802", "type": "seen", "source": "https://bsky.app/profile/cyberveille-ch.bsky.social/post/3maw3fisvxc2i", "content": "", "creation_timestamp": "2025-12-26T20:00:06.237813Z"}, {"uuid": "372cdf19-124f-4733-a6fb-a86a7537877c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2018-0802", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/1b9c43d9-fd15-4ff8-93a6-64204aa109fd", "content": "", "creation_timestamp": "2026-02-02T12:28:53.644288Z"}, {"uuid": "921d6105-e064-4d18-b595-b8f48f5ca819", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://bsky.app/profile/tamosan.bsky.social/post/3mfnihorwv2ie", "content": "", "creation_timestamp": "2026-02-25T01:05:59.377035Z"}, {"uuid": "307df044-61ed-426a-8ab4-f39df7ebaf8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mflqkjx5mc2s", "content": "", "creation_timestamp": "2026-02-24T08:25:24.873709Z"}, {"uuid": "17ddf33d-50d3-45d2-aa44-90db7ac35085", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://t.me/true_secator/7978", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0432 \u0441\u0432\u043e\u0435\u043c \u043d\u043e\u0432\u043e\u043c \u043e\u0442\u0447\u0435\u0442\u0435 \u043a\u043e\u043d\u0441\u0442\u0430\u0442\u0438\u0440\u0443\u044e\u0442, \u0447\u0442\u043e 4 \u043a\u0432\u0430\u0440\u0442\u0430\u043b 2025 \u0441\u0442\u0430\u043b \u043e\u0434\u043d\u0438\u043c \u0438\u0437 \u0441\u0430\u043c\u044b\u0445 \u043d\u0430\u0441\u044b\u0449\u0435\u043d\u043d\u044b\u0445 \u043f\u043e \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u0443 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0439 \u0433\u0440\u043e\u043c\u043a\u0438\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430\u0445 \u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u0445.\n\n\u0410\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u044f \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u0438 \u0432 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432 \u041b\u041a \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438, \u0447\u0442\u043e \u0432 \u044d\u0442\u043e\u043c \u043f\u043b\u0430\u043d\u0435 \u041e\u0421 Linux \u0441\u0442\u0430\u043b\u0430 \u0441\u043b\u0438\u0448\u043a\u043e\u043c \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u0430. \u041d\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0439 \u043a\u0432\u0430\u0440\u0442\u0430\u043b \u0433\u043e\u0434\u0430 \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u043b\u043e\u0432\u0438\u043d\u044b \u0432\u0441\u0435\u0445 \u0430\u0442\u0430\u043a \u0441 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c\u0438 \u0434\u043b\u044f Linux \u043e\u0442 \u0441\u0443\u043c\u043c\u0430\u0440\u043d\u044b\u0445 \u0433\u043e\u0434\u043e\u0432\u044b\u0445 \u043f\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0435\u0439.\u00a0\n\n\u0412 \u043f\u0435\u0440\u0432\u0443\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, \u043f\u0440\u0438\u0447\u0438\u043d\u043e\u0439 \u0442\u0430\u043a\u043e\u0433\u043e \u0432\u0441\u043f\u043b\u0435\u0441\u043a\u0430 \u0441\u0442\u0430\u043b\u043e \u0431\u044b\u0441\u0442\u0440\u043e\u0440\u0430\u0441\u0442\u0443\u0449\u0435\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c Linux.\n\n\u041a\u0430\u043a \u043e\u0431\u044b\u0447\u043d\u043e, \u043a\u0430\u0440\u0442\u0438\u043d\u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u0438\u043b\u044c\u043d\u043e \u0440\u0430\u0437\u043b\u0438\u0447\u0430\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0438 \u0448\u0438\u0440\u043e\u043a\u043e\u0437\u0430\u0445\u0432\u0430\u0442\u043d\u044b\u0445 \u0430\u0442\u0430\u043a. \u0412 \u043e\u0431\u043e\u0438\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 - \u0434\u0438\u043d\u0430\u043c\u0438\u043a\u0430 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u0430.\n\n\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u043d\u0435\u0438\u0437\u0431\u0438\u0440\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a:\n- \u043f\u043e\u0434 \u043f\u0440\u0438\u0446\u0435\u043b\u043e\u043c \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u0441\u0442\u0430\u0440\u044b\u0435 \u0434\u0435\u0444\u0435\u043a\u0442\u044b Linux, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u044e\u0442\u0441\u044f: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Dirty Pipe, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Netfilter (CVE-2022-0847, CVE-2019-13272, CVE-2021-22555, CVE-2023-32233);\n- \u0434\u043b\u044f \u041e\u0421 Windows \u0442\u0435\u043c\u043f\u044b \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0441\u043d\u0438\u0437\u0438\u043b\u0438\u0441\u044c \u0434\u043e \u0441\u0430\u043c\u043e\u0433\u043e \u043d\u0438\u0437\u043a\u043e\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f \u0432 2025 \u0433\u043e\u0434\u0443, \u043d\u043e \u043e\u043d\u0438 \u0432\u0441\u0451 \u0440\u0430\u0432\u043d\u043e \u043f\u0440\u0435\u0432\u044b\u0448\u0430\u044e\u0442 \u043d\u0430\u0447\u0430\u043b\u043e 2024-\u0433\u043e, \u0434\u043e\u043c\u0438\u043d\u0438\u0440\u0443\u044e\u0442 \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0435 CVE-2017-11882 \u0438 CVE-2018-0802 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 Equation Editor \u0438\u0437 Microsoft Office, CVE-2017-0199 \u0432 Microsoft Office \u0438 WordPad.\n\n\u041a\u0430\u043a \u0432 \u0446\u0435\u043b\u0435\u0432\u044b\u0445, \u0442\u0430\u043a \u0438 \u043c\u0430\u0441\u0441\u043e\u0432\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445, \u0433\u043e\u0440\u0430\u0437\u0434\u043e \u0430\u043a\u0442\u0438\u0432\u043d\u0435\u0435 \u043f\u043e\u0434 \u0443\u0434\u0430\u0440 \u043f\u043e\u043f\u0430\u0434\u0430\u044e\u0442 \u0432 \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 \u0430\u0440\u0445\u0438\u0432\u0430\u0442\u043e\u0440\u0430\u0445. \u0412 2025 \u0433\u043e\u0434\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 WinRAR (CVE-2023-38831, CVE-2025-6218 \u0438 -8088) \u0438 7-Zip (CVE-2025-11001).\n\n\u041f\u043e \u0447\u0430\u0441\u0442\u0438 \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0430\u0442\u0430\u043a:\n- \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u0441\u0432\u0435\u0436\u0438\u0435 \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u043f\u043e\u043b\u0433\u043e\u0434\u0430;\n- \u0441 \u0433\u0438\u0433\u0430\u043d\u0442\u0441\u043a\u0438\u043c \u043e\u0442\u0440\u044b\u0432\u043e\u043c \u0434\u043e\u043c\u0438\u043d\u0438\u0440\u0443\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f React4shell, \u0442\u0430\u043a\u0436\u0435 \u0432 \u0442\u0440\u043e\u0439\u043a\u0435 \u043b\u0438\u0434\u0435\u0440\u043e\u0432 \u0442\u0430\u043a\u0436\u0435 CVE-2025-61882 \u0432 Oracle E-Business Suite \u0438 CVE-2025-8088 \u0432 WinRAR;\n- \u043c\u043d\u043e\u0433\u0438\u0435 CVE \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e \u043e\u0441\u0442\u0430\u043d\u0443\u0442\u0441\u044f \u0432 \u0440\u0435\u0439\u0442\u0438\u043d\u0433\u0435 \u043d\u0430\u0434\u043e\u043b\u0433\u043e, \u0434\u043b\u044f \u0438\u0445 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0442\u0440\u0435\u0431\u0443\u044e\u0442\u0441\u044f \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u044b\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043d\u044b\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u0445 \u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435;\n- \u043f\u043e\u0441\u043b\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0447\u0430\u0449\u0435 \u0432\u0441\u0435\u0433\u043e \u0440\u0430\u0437\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u044e\u0442 \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u044b \u043d\u0430 \u0431\u0430\u0437\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 Silver, Mythic, Havoc \u0438 Metasploit.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0433\u0440\u0430\u0444\u0438\u043a\u0430, \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0438 \u0438 \u0440\u0430\u0437\u0431\u043e\u0440 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435 \u041b\u041a.", "creation_timestamp": "2026-03-10T15:26:05.000000Z"}, {"uuid": "ba0610b0-acea-4553-97ff-0a69f275a030", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://t.me/kasperskyb2b/2103", "content": "\u2755 \u0422\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u0438 \u0432 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439: \u041e\u0421 Linux \u0441\u0442\u0430\u043b\u0430 \u0441\u043b\u0438\u0448\u043a\u043e\u043c \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u0430 \n\n\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u00ab\u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e\u00bb \u043f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0438\u0441\u044c \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a\u0430\u0445 \u0432 4 \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430.  \u041a\u0430\u043a \u043e\u0431\u044b\u0447\u043d\u043e, \u043a\u0430\u0440\u0442\u0438\u043d\u0430 \u0441\u0438\u043b\u044c\u043d\u043e \u0440\u0430\u0437\u043b\u0438\u0447\u0430\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0438 \u0448\u0438\u0440\u043e\u043a\u043e\u0437\u0430\u0445\u0432\u0430\u0442\u043d\u044b\u0445 \u0430\u0442\u0430\u043a, \u043d\u043e \u0438 \u0442\u0430\u043c, \u0438 \u0442\u0430\u043c \u043d\u0435\u0441\u043a\u0443\u0447\u043d\u043e. \n\n\u041d\u0435\u0438\u0437\u0431\u0438\u0440\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438:\n\ud83d\udfe3 \u043a\u043e\u0441\u043c\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0440\u043e\u0441\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043d\u0430 \u0441\u0435\u043c\u0435\u0439\u0441\u0442\u0432\u0435 \u041e\u0421 *nix \u2014 \u043f\u043e\u043b\u043e\u0432\u0438\u043d\u0430 \u0432\u0441\u0435\u0445 \u0430\u0442\u0430\u043a \u0437\u0430 2025 \u0433\u043e\u0434 \u043f\u0440\u0438\u0448\u043b\u0430\u0441\u044c \u043d\u0430 4 \u043a\u0432\u0430\u0440\u0442\u0430\u043b. \u041e\u0431\u0443\u0441\u043b\u043e\u0432\u043b\u0435\u043d\u043e \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0430\u0442\u0430\u043a\u0430\u043c\u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u044b, \u043d\u043e \u0438 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u0438\u0437\u0430\u0446\u0438\u0435\u0439 Linux \u0434\u043b\u044f \u0434\u0435\u0441\u043a\u0442\u043e\u043f\u043e\u0432;\n\ud83d\udfe3\u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u044e\u0442\u0441\u044f \u0430\u0442\u0430\u043a\u0435 \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u0434\u0440\u0435\u0432\u043d\u0438\u0435 \u0434\u0435\u0444\u0435\u043a\u0442\u044b Linux, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043d\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u044e\u0442\u0441\u044f: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Dirty Pipe, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Netfilter. \u042d\u0442\u043e CVE-2022-0847, CVE-2019-13272, CVE-2021-22555, CVE-2023-32233;\n\ud83d\udfe3 \u0434\u043b\u044f \u041e\u0421 Windows \u0442\u0435\u043c\u043f\u044b \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0441\u043d\u0438\u0437\u0438\u043b\u0438\u0441\u044c \u0434\u043e \u0441\u0430\u043c\u043e\u0433\u043e \u043d\u0438\u0437\u043a\u043e\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f \u0432 2025 \u0433\u043e\u0434\u0443, \u043d\u043e \u043e\u043d\u0438 \u0432\u0441\u0451 \u0440\u0430\u0432\u043d\u043e \u043f\u0440\u0435\u0432\u044b\u0448\u0430\u044e\u0442 \u043d\u0430\u0447\u0430\u043b\u043e 2024-\u0433\u043e;\n\ud83d\udfe3 \u0434\u043e\u043c\u0438\u043d\u0438\u0440\u0443\u044e\u0442 \u0442\u0430\u043a\u0436\u0435 \u0434\u0440\u0435\u0432\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438: CVE-2017-11882 \u0438 CVE-2018-0802 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 Equation Editor \u0438\u0437 \u043f\u0430\u043a\u0435\u0442\u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Microsoft Office, CVE-2017-0199 \u0432 Microsoft Office \u0438 WordPad.\n\n\u041a\u0430\u043a \u0432 \u0446\u0435\u043b\u0435\u0432\u044b\u0445, \u0442\u0430\u043a \u0438 \u043c\u0430\u0441\u0441\u043e\u0432\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445, \u0433\u043e\u0440\u0430\u0437\u0434\u043e \u0430\u043a\u0442\u0438\u0432\u043d\u0435\u0435 \u0446\u0435\u043b\u044f\u0442\u0441\u044f \u0432 \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u0430\u0440\u0445\u0438\u0432\u0430\u0442\u043e\u0440\u043e\u0432. \u0412 2025 \u0433\u043e\u0434\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 WinRAR (CVE-2023-38831, CVE-2025-6218 \u0438 -8088) \u0438 7-Zip (CVE-2025-11001).\n\n\u0426\u0435\u043b\u0435\u0432\u044b\u0435 \u0430\u0442\u0430\u043a\u0438:\n\ud83d\udfe3 \u0432 \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u0441\u0432\u0435\u0436\u0438\u0435 \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u043f\u043e\u043b\u0433\u043e\u0434\u0430;\n\ud83d\udfe3 \u0441 \u0433\u0438\u0433\u0430\u043d\u0442\u0441\u043a\u0438\u043c \u043e\u0442\u0440\u044b\u0432\u043e\u043c \u0434\u043e\u043c\u0438\u043d\u0438\u0440\u0443\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f React4shell, \u0432 \u0442\u0440\u043e\u0439\u043a\u0435 \u043b\u0438\u0434\u0435\u0440\u043e\u0432 \u0442\u0430\u043a\u0436\u0435 CVE-2025-61882 \u0432 Oracle E-Business Suite \u0438 CVE-2025-8088 \u0432 WinRAR;\n\ud83d\udfe3 \u043c\u043d\u043e\u0433\u0438\u0435 CVE \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e \u0437\u0430\u043a\u0440\u0435\u043f\u044f\u0442\u0441\u044f \u0432 \u0445\u0438\u0442-\u043f\u0430\u0440\u0430\u0434\u0435 \u043d\u0430\u0434\u043e\u043b\u0433\u043e, \u0434\u043b\u044f \u0438\u0445 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0442\u0440\u0435\u0431\u0443\u044e\u0442\u0441\u044f \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u044b\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043d\u044b\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u0445 \u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435;\n\ud83d\udfe3 \u043f\u043e\u0441\u043b\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0447\u0430\u0449\u0435 \u0432\u0441\u0435\u0433\u043e \u0440\u0430\u0437\u0432\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u044e\u0442 \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u044b \u043d\u0430 \u0431\u0430\u0437\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 Silver, Mythic, Havoc \u0438 Metasploit.\n\n\ud83d\udccc \u0412 \u043f\u043e\u043b\u043d\u043e\u043c \u043e\u0442\u0447\u0451\u0442\u0435 \u043d\u0430 \u0441\u0430\u0439\u0442\u0435 Securelist \u044d\u0442\u0438 \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u0438 \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u043d\u044b \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e, \u043f\u043e\u043a\u0430\u0437\u0430\u043d\u044b \u0441\u0432\u044f\u0437\u0438 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0445 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0441 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u044b \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0438 \u0432\u0430\u0436\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 2025 \u0433\u043e\u0434\u0430. \n\n#\u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430 #\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2026-03-10T14:02:31.000000Z"}, {"uuid": "302b4adc-e19b-4b9d-9c41-24c82db72dfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://t.me/true_secator/7370", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0433\u043e\u0442\u043e\u0432\u0438\u0442\u044c \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0443 \u043f\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0439 \u043e\u0442\u0447\u0435\u0442 \u0437\u0430 2 \u043a\u0432\u0430\u0440\u0442\u0430\u043b 2025 \u0433\u043e\u0434\u0430.\n\n\u0420\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0432\u043e \u0432\u0442\u043e\u0440\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430 \u043e\u043a\u0430\u0437\u0430\u043b\u0430\u0441\u044c \u0432\u0435\u0441\u044c\u043c\u0430 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u043d\u043e\u0439.\n\n\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0441\u0435\u0445 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430: UEFI, \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u043e\u0432, \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0438 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439. \n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043d\u0430\u0448\u0435\u043c\u0443 \u0430\u043d\u0430\u043b\u0438\u0437\u0443, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438, \u043a\u0430\u043a \u0438 \u0432 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u043f\u0435\u0440\u0438\u043e\u0434\u044b,\u00a0\u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c.\n\n\u0412\u043e \u0432\u0442\u043e\u0440\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430, \u043a\u0430\u043a \u0438 \u043f\u0440\u0435\u0436\u0434\u0435, \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u043c\u0438 \u0430\u0442\u0430\u043a\u0430\u043c\u0438 \u0431\u044b\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b Microsoft Office, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u0420\u0435\u0448\u0435\u043d\u0438\u044f \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u0438 \u0437\u0430\u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0442\u044c \u043d\u0430\u0438\u0431\u043e\u043b\u044c\u0448\u0435\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u043d\u0430 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 Windows \u0434\u043b\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439: CVE-2018-0802 (RCE\u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 Equation Editor), CVE-2017-11882 (\u0435\u0449\u0435 \u043e\u0434\u043d\u0430 RCE \u0432 \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0435 \u0444\u043e\u0440\u043c\u0443\u043b), CVE-2017-0199 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Microsoft Office \u0438 WordPad, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439).\n\n\u0414\u0430\u043b\u0435\u0435 \u0441\u043b\u0435\u0434\u0443\u044e\u0442 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 WinRAR \u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0434\u043b\u044f \u043a\u0440\u0430\u0436\u0438 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 NetNTLM \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 Windows: CVE-2023-38831 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 WinRAR), CVE-2025-24071 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0432\u043e\u0434\u043d\u0438\u043a\u0430 Windows) \u0438 CVE-2024-35250 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u00a0ks.sys).\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0447\u0430\u0441\u0442\u043e \u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0434\u043b\u044f \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439: CVE-2022-0847 (\u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0430\u043a Dirty Pipe), CVE-2019-13272 (EoP-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0432\u044b\u0437\u0432\u0430\u043d\u043d\u0430\u044f \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u043d\u0430\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439) \u0438 CVE-2021-22555 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u0443\u0447\u0438 \u0432 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u044f\u0434\u0440\u0430 Netfilter).\n\n\u0412\u043e \u0432\u0442\u043e\u0440\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430 \u043c\u044b \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438, \u0447\u0442\u043e \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u043f\u043e \u0442\u0438\u043f\u0430\u043c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u043b\u043e \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u0438 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0432 \u043e\u0442\u0447\u0435\u0442\u0435 \u0442\u0430\u043a\u0436\u0435 \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u044e\u0442\u0441\u044f \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430\u0445 C2 (Sliver, Metasploit, Havoc \u0438 Brute Ratel C4) \u0432 \u043f\u0435\u0440\u0432\u043e\u0439 \u043f\u043e\u043b\u043e\u0432\u0438\u043d\u0435 2025 \u0433\u043e\u0434\u0430.\n\n\u041f\u043e\u0441\u043b\u0435 \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u044f \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432 \u0438 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043e\u0431\u0440\u0430\u0437\u0446\u043e\u0432 \u0430\u0433\u0435\u043d\u0442\u043e\u0432 C2, \u0432 \u041b\u041a \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0438 \u0432 APT-\u0430\u0442\u0430\u043a\u0430\u0445 \u0441 \u0443\u0447\u0430\u0441\u0442\u0438\u0435\u043c \u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u044b\u0445 \u0432\u044b\u0448\u0435 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u043e\u0432 C2 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438:\n\n- CVE-2025-31324 \u0432 SAP NetWeaver Visual Composer Metadata Uploader: \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430 \u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 10,0.\n\n- CVE-2024-1709 \u0432 ConnectWise ScreenConnect 23.9.7: \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043e\u0431\u0445\u043e\u0434\u0443 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0442\u0430\u043a\u0436\u0435 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 10,0.\n\n- CVE-2024-31839, XSS-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0435 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f CHAOS v5.0.1: \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a EoP.\n\n- CVE-2024-30850, RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 CHAOS v5.0.1: \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0431\u043e\u0439\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e.\n\n- CVE-2025-33053: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0432\u044b\u0437\u0432\u0430\u043d\u043d\u0430\u044f \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 \u0440\u0430\u0431\u043e\u0447\u0435\u0433\u043e \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430 \u0434\u043b\u044f LNK-\u0444\u0430\u0439\u043b\u043e\u0432 \u0432 Windows: \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430.\n\n\u0427\u0435\u0442\u043a\u0430\u044f \u0438\u043d\u0444\u043e\u0433\u0440\u0430\u0444\u0438\u043a\u0430, \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u044c\u043d\u044b\u0439 TOP 10 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\u00a0\u0438 \u0440\u0430\u0437\u0431\u043e\u0440 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0437\u043d\u0430\u0447\u0438\u043c\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c, \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0432\u043e \u0432\u0442\u043e\u0440\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430 - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2025-08-27T15:30:05.000000Z"}, {"uuid": "77384d4d-22b3-4e0b-adce-59bc4349bbb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://t.me/arpsyndicate/1438", "content": "#ExploitObserverAlert\n\nCVE-2018-0802\n\nDESCRIPTION: Exploit Observer has 81 entries related to CVE-2018-0802. Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.\n\nFIRST-EPSS: 0.972110000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-05T09:01:31.000000Z"}, {"uuid": "9c9f378d-33ed-41b5-a16f-132e71dfefc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://t.me/true_secator/7103", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0431\u043e\u043c\u0431\u0438\u0442\u044c \u043e\u0442\u0447\u0435\u0442\u0430\u043c\u0438, \u043d\u0430 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 \u043f\u043e\u0434\u043e\u0433\u043d\u0430\u043b\u0438 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0443 \u043f\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0437\u0430 \u043f\u0435\u0440\u0432\u044b\u0439 \u043a\u0432\u0430\u0440\u0442\u0430\u043b 2025 \u0433\u043e\u0434\u0430.\n\n\u0412 \u043f\u0435\u0440\u0432\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u043b\u0430\u0441\u044c \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0432 2024 \u0433\u043e\u0434\u0443, \u0442\u0430\u043a \u043a\u0430\u043a \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0440\u0430\u043d\u0435\u0435 \u043d\u0435 \u043c\u043e\u0433\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u043e\u0434\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c \u043f\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0438 \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0430 \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0438\u0440\u0443\u044e\u0442 \u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u0431\u043e\u043b\u044c\u0448\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0434\u0438\u043d\u0430\u043c\u0438\u043a\u0430 \u0438\u0445 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u0432\u043e \u043c\u043d\u043e\u0433\u043e\u043c \u043f\u043e\u0432\u0442\u043e\u0440\u044f\u0435\u0442 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0433\u043e\u0434\u044b.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c \u043c\u043d\u043e\u0433\u0438\u0435 CWE \u0438\u0437 TOP 10 \u0434\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u0439 Microsoft \u0438 \u044f\u0434\u0440\u0430 Linux \u0441\u043e\u0432\u043f\u0430\u0434\u0430\u044e\u0442 \u0438\u043b\u0438 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u043c\u0438, \u0430 \u0437\u043d\u0430\u0447\u0438\u0442, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0441\u043d\u043e\u0432\u0430\u043d\u044b \u043d\u0430 \u0441\u0445\u043e\u0436\u0438\u0445 \u043f\u0440\u0438\u043d\u0446\u0438\u043f\u0430\u0445, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u0447\u0430\u0441\u0442\u043e \u043a \u00ab\u043f\u043e\u0440\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044e\u00bb \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u043e\u0432 \u0430\u0442\u0430\u043a \u0434\u043b\u044f Linux \u043d\u0430 Windows \u0438 \u043d\u0430\u043e\u0431\u043e\u0440\u043e\u0442.\n\n\u0412 \u043f\u0435\u0440\u0432\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0430\u0442\u0430\u043a \u0441 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c\u0438 \u0434\u043b\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Windows \u0432\u044b\u0440\u043e\u0441\u043b\u043e \u043f\u043e \u0441\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u044e \u0441 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u043c \u043f\u0435\u0440\u0438\u043e\u0434\u043e\u043c \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\u041a\u0430\u043a \u0438 \u043f\u0440\u0435\u0436\u0434\u0435, \u043b\u044c\u0432\u0438\u043d\u0430\u044f \u0434\u043e\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u0431\u044b\u043b\u0430 \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u0430 \u043d\u0430 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b Microsoft Office.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442, \u0447\u0442\u043e \u0447\u0430\u0449\u0435 \u0438\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0434\u043b\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Windows \u043a \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0441\u0442\u0430\u0440\u044b\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c: CVE-2018-0802, CVE-2017-11882 (\u043e\u0431\u0435 RCE \u0432 Equation Editor), CVE-2017-0199 (Microsoft Office \u0438 WordPad).\n\n\u0412\u0441\u0435 \u0442\u0440\u0438 \u043e\u0441\u0442\u0430\u0432\u0430\u043b\u0438\u0441\u044c \u0441\u0430\u043c\u044b\u043c\u0438 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u043c\u0438 \u043d\u0430 \u043f\u0440\u043e\u0442\u044f\u0436\u0435\u043d\u0438\u0438 2024 \u0433\u043e\u0434\u0430, \u0438 \u043c\u044b \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u043c, \u0447\u0442\u043e \u0442\u0430\u043a\u0430\u044f \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u044f \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u0441\u044f \u0438 \u0432 \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u043c.\n\n\u0417\u0430 \u043d\u0438\u043c\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0442 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432 WinRAR \u0438 \u0432 \u0441\u0430\u043c\u043e\u0439 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 Windows: CVE-2023-38831 (WinRAR), CVE-2024-35250 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430\u00a0ks.sys) \u0438 CVE-2022-3699 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 Lenovo Diagnostics).\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0431\u043e\u043b\u044c\u0448\u0435 \u0432\u0441\u0435\u0433\u043e \u0431\u044b\u043b\u043e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u043a \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c: CVE-2022-0847 (Dirty Pipe), CVE-2019-13272 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043d\u0430\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439) \u0438 CVE-2021-3156 (\u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u0443\u0447\u0438 \u0432 \u0443\u0442\u0438\u043b\u0438\u0442\u0435\u00a0sudo).\n\n\u0412 \u043f\u0435\u0440\u0432\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043a\u0430\u043a \u0441\u0430\u043c\u043e\u0435 \u0441\u043b\u043e\u0436\u043d\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0435, \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u043b\u0438\u0434\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u0443 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0444\u0438\u043a\u0441\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0441\u0442\u0430\u0431\u0438\u043b\u044c\u043d\u044b\u0439 \u0440\u043e\u0441\u0442 \u0447\u0438\u0441\u043b\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u043a \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430\u043c - \u044d\u0442\u0430 \u0442\u0435\u043d\u0434\u0435\u043d\u0446\u0438\u044f \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u043b\u0430\u0441\u044c \u0438 \u043d\u0430 \u043f\u0440\u043e\u0442\u044f\u0436\u0435\u043d\u0438\u0438 \u0432\u0441\u0435\u0433\u043e \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u0433\u043e\u0434\u0430.\n\n\u0422\u0430\u043a\u0436\u0435 \u0443\u0432\u0435\u043b\u0438\u0447\u0438\u043b\u0430\u0441\u044c \u0434\u043e\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Microsoft Office.\n\n\u0418\u0437\u0443\u0447\u0438\u0432 \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445 APT, \u0432 \u041b\u041a \u0432\u044b\u0434\u0435\u043b\u0438\u043b\u0438 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0447\u0430\u0441\u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0435\u0441\u044f \u0432 \u043f\u0435\u0440\u0432\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430: CVE-2025-0282, CVE-2024-21887 \u0438 CVE-2025-0283 (Ivanti Connect Secure), CVE-2020-1472 (Netlogon Windows), CVE-2023-46805 (Ivanti ICS), CVE-2023-48788 (Fortinet) \u0438 \u0434\u0440.\n\n\u041e\u0442\u043c\u0435\u0442\u0438\u043c, \u0447\u0442\u043e \u0432 TOP 10 \u0432\u0435\u0440\u043d\u0443\u043b\u0430\u0441\u044c \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Zerologon, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0443 \u0434\u043e\u043c\u0435\u043d\u0430.\n\n\u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u0432 \u043f\u0435\u0440\u0432\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2025 \u0433\u043e\u0434\u0430 \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u041b\u041a \u0432\u044b\u0434\u0435\u043b\u0438\u043b\u0438: \n\n- ZDI-CAN-25373: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044f \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 lnk-\u0444\u0430\u0439\u043b\u043e\u0432 \u0432 \u041e\u0421 Windows;\n\n- CVE-2025-21333: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043a\u0443\u0447\u0435 \u0432 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 vkrnlintvsp.sys;\n\n- CVE-2025-24071: \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0442\u0435\u0447\u043a\u0438 NetNTLM-\u0445\u044d\u0448\u0430 \u0432 \u0438\u043d\u0434\u0435\u043a\u0441\u0430\u0442\u043e\u0440\u0435 \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0430\u044f \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430 \u0438 \u0438\u043d\u0444\u043e\u0433\u0440\u0430\u0444\u0438\u043a\u0430 - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2025-06-04T18:00:07.000000Z"}, {"uuid": "92d7d075-b406-44ec-8e54-9604fd9a101b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "exploited", "source": "Telegram/z9AEqKItZyUv36ZRV050nYRUgzwrIPil9F3C66dIKqg-ng", "content": "", "creation_timestamp": "2024-12-27T15:33:22.000000Z"}, {"uuid": "033ecfb4-e663-452d-83e9-a49b5be2568d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://t.me/arpsyndicate/100", "content": "#ExploitObserverAlert\n\nCVE-2018-0802\n\nDESCRIPTION: Exploit Observer has 78 entries related to CVE-2018-0802. Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.\n\nFIRST-EPSS: 0.973170000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-11-12T01:31:24.000000Z"}, {"uuid": "3cf6439d-cd8e-4963-bdfe-d01d2bd66f9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "exploited", "source": "https://t.me/true_secator/6599", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0437\u0430\u0434\u0435\u0442\u0435\u043a\u0442\u0438\u043b\u0438 \u0440\u0430\u043d\u0435\u0435 \u043d\u0435\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e VBCloud \u0432 \u0430\u0440\u0441\u0435\u043d\u0430\u043b\u0435 Cloud Atlas, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u043e\u0441\u044c \u0432 \u0430\u0442\u0430\u043a\u0430\u0445, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0434\u0435\u0441\u044f\u0442\u043a\u043e\u0432 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0432 2024 \u0433\u043e\u0434\u0443.\n\n\u0416\u0435\u0440\u0442\u0432\u044b \u0437\u0430\u0440\u0430\u0436\u0430\u043b\u0438\u0441\u044c \u0447\u0435\u0440\u0435\u0437 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0435 \u043f\u0438\u0441\u044c\u043c\u0430, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0435 \u0444\u043e\u0440\u043c\u0443\u043b (CVE-2018-0802) \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u0411\u043e\u043b\u0435\u0435 80% \u0446\u0435\u043b\u0435\u0439 \u043d\u0430\u0445\u043e\u0434\u0438\u043b\u0438\u0441\u044c \u0432 \u0420\u043e\u0441\u0441\u0438\u0438. \u041c\u0435\u043d\u044c\u0448\u0435\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0436\u0435\u0440\u0442\u0432 \u0431\u044b\u043b\u043e \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043e \u0432 \u0411\u0435\u043b\u0430\u0440\u0443\u0441\u0438, \u041a\u0430\u043d\u0430\u0434\u0435, \u041c\u043e\u043b\u0434\u043e\u0432\u0435, \u0418\u0437\u0440\u0430\u0438\u043b\u0435, \u041a\u0438\u0440\u0433\u0438\u0437\u0438\u0438, \u0422\u0443\u0440\u0446\u0438\u0438 \u0438 \u0412\u044c\u0435\u0442\u043d\u0430\u043c\u0435.\n\nCloud Atlas, \u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043a\u0430\u043a Clean Ursa,  nception, Oxygen \u0438 Red October, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439\u00a0\u043a\u043b\u0430\u0441\u0442\u0435\u0440 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0439 \u0441 2014 \u0433\u043e\u0434\u0430.\n\n\u0412 \u0434\u0435\u043a\u0430\u0431\u0440\u0435 2022 \u0433\u043e\u0434\u0430 \u0433\u0440\u0443\u043f\u043f\u0430 \u0431\u044b\u043b\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043a\u0438\u0431\u0435\u0440\u0430\u0442\u0430\u043a\u0430\u043c\u0438, \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u043c\u0438 \u043d\u0430 \u0420\u043e\u0441\u0441\u0438\u044e, \u0411\u0435\u043b\u0430\u0440\u0443\u0441\u044c \u0438 \u041f\u0440\u0438\u0434\u043d\u0435\u0441\u0442\u0440\u043e\u0432\u044c\u0435, \u0432 \u0445\u043e\u0434\u0435 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0441\u044f \u0431\u044d\u043a\u0434\u043e\u0440 \u043d\u0430 \u0431\u0430\u0437\u0435 PowerShell \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c PowerShower.\n\n\u041f\u043e\u043f\u0430\u0434\u0430\u043b\u0430 \u0442\u0430\u043a\u0436\u0435 \u0432 \u043f\u043e\u043b\u0435 \u0437\u0440\u0435\u043d\u0438\u044f F.A.C.C.T. \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u043c\u0438 \u0430\u0442\u0430\u043a\u0430\u043c\u0438 \u043d\u0430 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 \u0420\u043e\u0441\u0441\u0438\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0441\u0442\u0430\u0440\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 \u0444\u043e\u0440\u043c\u0443\u043b Microsoft Office (CVE-2017-11882) \u0434\u043b\u044f \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 Visual Basic Script (VBS), \u043e\u0442\u0432\u0435\u0447\u0430\u044e\u0449\u0435\u0439 \u0437\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e VBS \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043e\u0442\u0447\u0435\u0442\u0443 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u044d\u0442\u0438 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u044b \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u0447\u0430\u0441\u0442\u044c\u044e \u0442\u0430\u043a \u043d\u0430\u0437\u044b\u0432\u0430\u0435\u043c\u043e\u0433\u043e VBShower, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0437\u0430\u0442\u0435\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 PowerShower, \u0430 \u0442\u0430\u043a\u0436\u0435 VBCloud.\n\n\u041d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u043e\u0439 \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u0430\u0442\u0430\u043a \u0432\u044b\u0441\u0442\u0443\u043f\u0430\u0435\u0442 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u043e\u0435 \u043f\u0438\u0441\u044c\u043c\u043e, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0435\u0435 \u0432\u0440\u0435\u0434\u043e\u0441\u043d\u043e\u0441\u043d\u044b\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 Microsoft Office, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0438 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0448\u0430\u0431\u043b\u043e\u043d \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 RTF \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430.\n\n\u0417\u0430\u0442\u0435\u043c \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 CVE-2018-0802, \u0435\u0449\u0435 \u043e\u0434\u043d\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0435 \u0444\u043e\u0440\u043c\u0443\u043b, \u0434\u043b\u044f \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0444\u0430\u0439\u043b\u0430 HTML-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f (HTA), \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u043d\u043e\u0433\u043e \u043d\u0430 \u0442\u043e\u043c \u0436\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u0435.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u043f\u043e\u0442\u043e\u043a\u043e\u0432 \u0434\u0430\u043d\u043d\u044b\u0445 (NTFS ADS) \u0434\u043b\u044f \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u0438 \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u0432 %APPDATA%\\Roaming\\Microsoft\\Windows\\, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0431\u044d\u043a\u0434\u043e\u0440 VBShower, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043b\u0430\u0443\u043d\u0447\u0435\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442 \u043a\u0430\u043a \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a, \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u044f \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044f \u043c\u043e\u0434\u0443\u043b\u044c \u0431\u044d\u043a\u0434\u043e\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438.\n\n\u0414\u0440\u0443\u0433\u043e\u0439 \u0441\u043a\u0440\u0438\u043f\u0442 VB - \u044d\u0442\u043e \u043e\u0447\u0438\u0441\u0442\u0438\u0442\u0435\u043b\u044c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0433\u043e \u0432\u0441\u0435\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u0432\u043d\u0443\u0442\u0440\u0438 \u043f\u0430\u043f\u043a\u0438 \"\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\\", \u0432 \u0434\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a \u0442\u0435\u043c, \u0447\u0442\u043e \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0432\u043d\u0443\u0442\u0440\u0438 \u043d\u0435\u0433\u043e \u0438 \u043b\u0430\u0443\u043d\u0447\u0435\u0440\u0430, \u0442\u0435\u043c \u0441\u0430\u043c\u044b\u043c \u0441\u043a\u0440\u044b\u0432\u0430\u044f \u0441\u043b\u0435\u0434\u044b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438.\n\n\u0411\u044d\u043a\u0434\u043e\u0440 VBShower \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d \u0434\u043b\u044f \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 VBS \u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 C2, \u043e\u0431\u043b\u0430\u0434\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044f\u043c\u0438 \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0441\u0431\u043e\u0440\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u0444\u0430\u0439\u043b\u0430\u0445, \u0438\u043c\u0435\u043d\u0430\u0445 \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432 \u0438 \u0437\u0430\u0434\u0430\u0447\u0430\u0445 \u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0449\u0438\u043a\u0430, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 PowerShower \u0438 VBCloud.\n\nPowerShower \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u0435\u043d VBShower \u043f\u043e \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u0438, \u0433\u043b\u0430\u0432\u043d\u043e\u0435 \u043e\u0442\u043b\u0438\u0447\u0438\u0435 \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043e\u043d \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u0441\u043a\u0440\u0438\u043f\u0442\u044b PowerShell \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u044d\u0442\u0430\u043f\u0430 \u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 C2. \u041e\u043d \u0442\u0430\u043a\u0436\u0435 \u043e\u0441\u043d\u0430\u0449\u0435\u043d \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 \u0434\u043b\u044f \u0444\u0430\u0439\u043b\u043e\u0432 \u0430\u0440\u0445\u0438\u0432\u043e\u0432 ZIP.\n\nVBCloud \u0442\u0430\u043a\u0436\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u0443\u0435\u0442 \u0432\u043e \u043c\u043d\u043e\u0433\u043e\u043c \u043a\u0430\u043a VBShower, \u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u0441\u043b\u0443\u0436\u0431\u0443 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u043e\u0431\u043b\u0430\u0447\u043d\u043e\u0433\u043e \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0430 \u0434\u043b\u044f \u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u0439 C2. \u041e\u043d \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u0437\u0430\u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0437\u0430\u0434\u0430\u0447\u0435\u0439 \u043a\u0430\u0436\u0434\u044b\u0439 \u0440\u0430\u0437, \u043a\u043e\u0433\u0434\u0430 \u0436\u0435\u0440\u0442\u0432\u0430 \u0432\u0445\u043e\u0434\u0438\u0442 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430 \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u0430 \u0441\u043e\u0431\u0438\u0440\u0430\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0434\u0438\u0441\u043a\u0430\u0445, \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043c\u0435\u0442\u0430\u0434\u0430\u043d\u043d\u044b\u0435, \u0444\u0430\u0439\u043b\u044b \u0438 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b \u0441 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f\u043c\u0438 DOC, DOCX, XLS, XLSX, PDF, TXT, RTF \u0438 RAR, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0444\u0430\u0439\u043b\u044b, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 Telegram.\n\n\u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, PowerShower \u0438\u0441\u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0443\u044e \u0441\u0435\u0442\u044c \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u0441\u0442\u0432\u0443\u0435\u0442 \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u044e, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a VBCloud \u0441\u043e\u0431\u0438\u0440\u0430\u0435\u0442 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u043a\u0440\u0430\u0434\u0435\u0442 \u0444\u0430\u0439\u043b\u044b. \u0426\u0435\u043f\u043e\u0447\u043a\u0430 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0441\u043e\u0441\u0442\u043e\u0438\u0442 \u0438\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u044d\u0442\u0430\u043f\u043e\u0432 \u0438 \u0432 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u043c \u0438\u0442\u043e\u0433\u0435 \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u043d\u0430 \u043a\u0440\u0430\u0436\u0443 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u0412\u0441\u0435 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0438 \u0438\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u044b - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2024-12-28T16:30:05.000000Z"}, {"uuid": "86542161-6467-46ae-904c-98e11a99a34f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "exploited", "source": "https://t.me/true_secator/6124", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0443 \u043f\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c \u0437\u0430 \u0432\u0442\u043e\u0440\u043e\u0439 \u043a\u0432\u0430\u0440\u0442\u0430\u043b 2024 \u0433\u043e\u0434\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u043a\u0430\u0437\u0430\u043b\u0441\u044f \u043d\u0430\u0441\u044b\u0449\u0435\u043d\u043d\u044b\u043c \u0441 \u0442\u043e\u0447\u043a\u0438 \u0437\u0440\u0435\u043d\u0438\u044f \u043d\u043e\u0432\u044b\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0438 \u043c\u0435\u0442\u043e\u0434\u043e\u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c.\n\n\u0412 \u043d\u043e\u0432\u043e\u043c \u043e\u0442\u0447\u0435\u0442\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0430 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u043a\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0439 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u0442\u0430\u0442\u0438\u0441\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0441\u0440\u0435\u0437\u044b \u043f\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c.\n\n\u041e\u0431\u0449\u0435\u0435 \u0447\u0438\u0441\u043b\u043e \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u0440\u0435\u0432\u044b\u0441\u0438\u043b\u043e \u043f\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0438 \u0437\u0430 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u0439 \u043f\u0435\u0440\u0438\u043e\u0434 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0435\u0433\u043e \u0433\u043e\u0434\u0430, \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044f \u0434\u0438\u043d\u0430\u043c\u0438\u043a\u0435 \u043f\u0440\u043e\u0448\u043b\u043e\u0433\u043e \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0430.\n\n\u0414\u043e\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441 PoC \u0438 \u043e\u0442\u043d\u043e\u0441\u044f\u0449\u0438\u0445\u0441\u044f \u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c \u043d\u0435\u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0441\u043d\u0438\u0437\u0438\u043b\u0430\u0441\u044c \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e 2023 \u0433\u043e\u0434\u0430. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u043e \u0442\u0438\u043f\u0443 \u043f\u043e\u0434\u0430\u0432\u043b\u044f\u044e\u0449\u0435\u0435 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u043a\u043b\u0430\u0441\u0441\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043e\u0442\u0441\u0442\u043e\u044f\u0442\u0441\u044f \u043a \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c.\n\n\u0422\u0430\u043a\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438, \u0442\u0430\u043a \u043a\u0430\u043a \u043a \u0447\u0438\u0441\u043b\u0443 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0441\u044f \u041f\u041e \u0441 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0447\u0443\u0432\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c: \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043e\u0431\u043c\u0435\u043d\u0430 \u0444\u0430\u0439\u043b\u0430\u043c\u0438, \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u0447\u0435\u0440\u0435\u0437 VPN, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u043c\u0438 \u0438 IoT-\u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c\u0438.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0434\u0430\u043d\u043d\u044b\u0445 \u0442\u0435\u043b\u0435\u043c\u0435\u0442\u0440\u0438\u0438 \u041b\u041a, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u0434\u043b\u044f Windows \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0440\u0430\u0441\u0442\u0438 \u0432 \u043f\u0435\u0440\u0432\u0443\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c \u0437\u0430 \u0441\u0447\u0435\u0442 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0445 \u0440\u0430\u0441\u0441\u044b\u043b\u043e\u043a \u0438 \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043f\u0443\u0442\u0435\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\u041a \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u043c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u043e\u0442\u043d\u043e\u0441\u044f\u0442\u0441\u044f \u0442\u0435, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Microsoft Office (CVE-2018-0802, CVE-2017-11882\u00a0, CVE-2017-0199\u00a0 \u0438 CVE-2021-40444\u00a0).\n\n\u041d\u0430\u0431\u0438\u0440\u0430\u044e\u0449\u0430\u044f \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0441\u0442\u044c \u0432 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u043c \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0435 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430 Linux \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u0440\u043e\u0441\u0442, \u043e\u0434\u043d\u0430\u043a\u043e \u0432 \u043f\u0440\u043e\u0442\u0438\u0432\u043e\u0432\u0435\u0441 Windows \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u044b \u043d\u0430 \u044f\u0434\u0440\u043e (CVE-2022-0847, CVE-2023-2640 \u0438 CVE-2021-4034), \u043f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u044f EoP.\n\n\u0422\u043e\u043f-10 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0445 \u0432 APT-\u0430\u0442\u0430\u043a\u0430\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0437\u043d\u0430\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0438\u0437\u043c\u0435\u043d\u0438\u043b\u0441\u044f \u043e\u0442\u043d\u043e\u0441\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u00a0\u043f\u0435\u0440\u0432\u043e\u0433\u043e \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0430, \u043d\u043e \u0447\u0430\u0449\u0435 \u0432\u0441\u0435\u0433\u043e \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0432\u043e \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0435 \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0442\u0435\u0445 \u0436\u0435 \u0442\u0438\u043f\u043e\u0432: \u0441\u0435\u0440\u0432\u0438\u0441\u044b \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u043e\u0444\u0438\u0441\u043d\u044b\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f.\n\n\u0411\u043e\u043b\u044c\u0448\u043e\u0435 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0430\u0442\u0430\u043a\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c Bring You Own Vulnerable Driver (BYOVD). \u041f\u0440\u0438\u0447\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0434\u043e\u043b\u0436\u043d\u0430 \u0431\u044b\u0442\u044c \u0441\u0432\u0435\u0436\u0435\u0439, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441\u0430\u043c\u0438 \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u043d\u0435\u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u044b\u0435 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443.\n\n2023 \u0433\u043e\u0434 \u0441\u0442\u0430\u043b \u0441\u0430\u043c\u044b\u043c \u0431\u043e\u0433\u0430\u0442\u044b\u043c \u043d\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0434\u043b\u044f \u0430\u0442\u0430\u043a \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c BYOVD. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0437\u0430 \u043f\u0435\u0440\u0432\u0443\u044e \u043f\u043e\u043b\u043e\u0432\u0438\u043d\u0443 2024-\u0433\u043e \u0438\u0445 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0438 \u0431\u043e\u043b\u044c\u0448\u0435, \u0447\u0435\u043c \u0437\u0430 2021 \u0438 2022 \u0433\u043e\u0434\u044b, \u0432\u043c\u0435\u0441\u0442\u0435 \u0432\u0437\u044f\u0442\u044b\u0435. \u0412\u0442\u043e\u0440\u043e\u0439 \u043a\u0432\u0430\u0440\u0442\u0430\u043b \u0442\u0430\u043a\u0436\u0435 \u043e\u0442\u043c\u0435\u0442\u0438\u043b\u0441\u044f \u0440\u043e\u0441\u0442\u043e\u043c \u043f\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f.\n\n\u041d\u0430\u0433\u043b\u044f\u0434\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0433\u0440\u0430\u0444\u0438\u043a\u0430 \u0438 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0432\u043e \u0432\u0442\u043e\u0440\u043e\u043c \u043a\u0432\u0430\u0440\u0442\u0430\u043b\u0435 2024 \u0433\u043e\u0434\u0430 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u044b \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2024-08-22T19:40:05.000000Z"}, {"uuid": "084a3ed0-7570-499b-a98e-04423ea2b403", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/2937", "content": "\u0417\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u043d\u043e\u0432\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0441\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u044b APT Bitter (\u0430\u0437\u0438\u0430\u0442\u0441\u043a\u0430\u044f \u043f\u0440\u043e\u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u0430\u044f \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0430\u044f \u043f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u043f\u043e \u041f\u0430\u043a\u0438\u0441\u0442\u0430\u043d\u0443 \u0438 \u041a\u0438\u0442\u0430\u044e, \u0437\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u043e\u0436\u0438\u0442\u0435\u043b\u044c\u043d\u043e, \u0441\u0442\u043e\u0438\u0442 \u0418\u043d\u0434\u0438\u044f).\n\n\u041d\u0430 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 \u0433\u0440\u0443\u043f\u043f\u0430 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u0430 \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u043a\u0430\u043c\u0438 Cisco Talos \u0432 \u043a\u0438\u0431\u0435\u0440\u0448\u043f\u0438\u043e\u043d\u0441\u043a\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u043d\u0430 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u043e \u0411\u0430\u043d\u0433\u043b\u0430\u0434\u0435\u0448, \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u043c\u043e\u0439 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043d\u043e\u0432\u043e\u0433\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432. \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u044f \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u0441\u044f \u0441 \u0430\u0432\u0433\u0443\u0441\u0442\u0430 2021 \u0433\u043e\u0434\u0430 \u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0439 \u0442\u0430\u0440\u0433\u0435\u0442\u0438\u043d\u0433 Bitter, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u043d\u0435\u0438\u0437\u043c\u0435\u043d\u043d\u044b\u043c \u0441 2013 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0440\u0443\u044e\u0442 \u044d\u0442\u0443 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044e \u0441 Bitter \u043f\u043e \u0431\u043e\u043b\u044c\u0448\u0435\u0439 \u0447\u0430\u0441\u0442\u0438 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0441\u043e\u0432\u043f\u0430\u0434\u0435\u043d\u0438\u044f IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 C2 \u0441 \u0440\u0430\u043d\u0435\u0435 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0435\u043c\u044b\u043c\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044f\u043c\u0438 \u0433\u0440\u0443\u043f\u043f\u044b, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e\u0441\u0442\u0435\u0439 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0442\u0440\u043e\u043a \u0438 \u0441\u0445\u0435\u043c\u044b \u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u043c\u043e\u0434\u0443\u043b\u0435\u0439.\n\n\u0410\u0442\u0430\u043a\u0438 \u043d\u0430 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0446\u0435\u043b\u0438 \u043d\u0430\u0437\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0442\u0440\u0430\u043d\u044b \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u0438 \u0434\u0432\u0435 \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f, \u043e\u0431\u0435 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043d\u0430\u0447\u0438\u043d\u0430\u043b\u0438\u0441\u044c \u0441 \u0446\u0435\u043b\u0435\u0432\u043e\u0433\u043e \u0444\u0438\u0448\u0438\u043d\u0433\u0430 \u043d\u0430 \u043a\u0430\u043d\u0430\u043b\u0435 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b. \u0420\u0430\u0437\u043d\u0438\u0446\u0430 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u043b\u0430\u0441\u044c \u0432 \u0442\u0438\u043f\u0435 \u0444\u0430\u0439\u043b\u043e\u0432, \u043f\u0440\u0438\u043a\u0440\u0435\u043f\u043b\u0435\u043d\u043d\u044b\u0445 \u043a \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u043c\u0443 \u043f\u0438\u0441\u044c\u043c\u0443: \u043e\u0434\u043d\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0438 \u0441\u043e\u0431\u043e\u0439 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442 \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 .RTF, \u0430 \u0443 \u0434\u0440\u0443\u0433\u0438\u0435 - \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 .XLSX.\n\n\u041e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c \u044d\u043c\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043b\u0441\u044f \u043f\u043e\u0434 \u043f\u0430\u043a\u0438\u0441\u0442\u0430\u043d\u0441\u043a\u0438\u0435 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438. \u0412\u043e \u043c\u043d\u043e\u0433\u043e\u043c \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 Zimbra, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0441 \u043d\u0435\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438/\u0434\u043e\u043c\u0435\u043d\u0430 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b. \u0422\u0435\u043c\u0430\u0442\u0438\u043a\u0430 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u043a\u0430\u0441\u0430\u043b\u0430\u0441\u044c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u043d\u043e\u043c\u0435\u0440\u043e\u0432 \u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0438 \u0441 \u0432\u043d\u043e\u0432\u044c \u043f\u0440\u0438\u043d\u044f\u0442\u044b\u043c \u0432 \u0411\u0430\u043d\u0433\u043b\u0430\u0434\u0435\u0448 \u0440\u0435\u0433\u043b\u0430\u043c\u0435\u043d\u0442\u043e\u043c  \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u043b\u0438 NEIR \u0434\u043b\u044f \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043d\u043e\u0433\u043e \u043c\u043e\u0448\u0435\u043d\u043d\u0438\u0447\u0435\u0441\u0442\u0432\u0430.\n\n\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b RTF \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 CVE-2017-11882 \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u043d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0430\u0445 \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0432\u0435\u0440\u0441\u0438\u044f\u043c\u0438 Microsoft Office. \u041f\u0440\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0438 \u0444\u0430\u0439\u043b\u0430 \u0432 Microsoft Word, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u043b\u043e\u0441\u044c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 Equation Editor \u0438 \u0432\u044b\u043f\u043e\u043b\u0430\u0441\u044c \u0444\u043e\u0440\u043c\u0443\u043b\u0430 \u0443\u0440\u0430\u0432\u043d\u0435\u043d\u0438\u044f, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0430\u044f \u0433\u0430\u0434\u0436\u0435\u0442\u044b \u0432\u043e\u0437\u0432\u0440\u0430\u0442\u043d\u043e-\u043e\u0440\u0438\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f (ROP).\n\n\u041f\u043e\u0441\u043b\u0435 \u044d\u0442\u043e\u0433\u043e ROP \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u043b \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u043b \u0448\u0435\u043b\u043b-\u043a\u043e\u0434, \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0439 \u0432 maldocs \u0432 \u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c \u0444\u043e\u0440\u043c\u0430\u0442\u0435, \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043a \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u043c\u0443 \u0445\u043e\u0441\u0442\u0443 olmajhnservice[.]com \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438.\n\n\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u0442\u0430\u0431\u043b\u0438\u0446\u044b Excel \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0435 \u044d\u0442\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u043b\u043e \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f CVE-2018-0798 \u0438 CVE-2018-0802, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u043b\u043e \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 \u0432 \u0443\u0441\u0442\u0430\u0440\u0435\u0432\u0448\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 Microsoft Office. \u0412 \u044d\u0442\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u0435 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u043b\u043e\u0441\u044c \u0437\u0430\u043f\u0443\u0441\u043a\u043e\u043c \u0434\u0432\u0443\u0445 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u043c \u0437\u0430\u0434\u0430\u0447, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441 \u043f\u044f\u0442\u0438\u043c\u0438\u043d\u0443\u0442\u043d\u044b\u043c \u0438\u043d\u0442\u0435\u0440\u0432\u0430\u043b\u043e\u043c \u043f\u043e\u0441\u043b\u0435 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a \u0445\u043e\u0441\u0442-\u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0442\u0440\u043e\u044f\u043d\u0430, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 Cisco Talos \u043d\u0430\u0437\u0432\u0430\u043b\u0438 ZxxZ.\n\n\u042d\u0442\u043e 32-\u0440\u0430\u0437\u0440\u044f\u0434\u043d\u044b\u0439 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0439 \u0444\u0430\u0439\u043b Windows, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0435\u0442 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u043c\u043e\u0434\u0443\u043b\u0438 \u0441 \u043e\u0431\u0449\u0438\u043c\u0438 \u0438\u043c\u0435\u043d\u0430\u043c\u0438 \u0444\u0430\u0439\u043b\u043e\u0432, \u0442\u0430\u043a\u0438\u043c\u0438 \u043a\u0430\u043a \u00abUpdate.exe\u00bb, \u00abntfsc.exe\u00bb \u0438\u043b\u0438 \u00abnx.exe\u00bb. \u041e\u043d\u0438 \u043b\u0438\u0431\u043e \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u044e\u0442\u0441\u044f, \u043b\u0438\u0431\u043e \u043f\u043e\u043c\u0435\u0449\u0430\u044e\u0442\u0441\u044f \u0432 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0443\u044e \u043f\u0430\u043f\u043a\u0443 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0436\u0435\u0440\u0442\u0432\u044b \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Windows \u0441\u043e \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c\u044e \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u043e\u0431\u044b\u0447\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0430\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430 \u0438\u043c\u0435\u0435\u0442 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0442\u0441\u0435\u043a\u0430\u0435\u0442 \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b Windows Defender \u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u0440\u0435\u0448\u0435\u043d\u0438\u0439.\n\n\u041f\u043e\u0441\u043b\u0435 \u044d\u0442\u043e\u0433\u043e \u0430\u043a\u0442\u0438\u0432\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0441\u0431\u0440\u0430\u0441\u044b\u0432\u0430\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u0440\u043e\u0444\u0438\u043b\u044f \u0436\u0435\u0440\u0442\u0432\u044b \u0432 \u0431\u0443\u0444\u0435\u0440 \u043f\u0430\u043c\u044f\u0442\u0438 \u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u0438\u0445 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f.\u00a0\u0417\u0430\u0442\u0435\u043c C2 \u043e\u0442\u0432\u0435\u0447\u0430\u0435\u0442 \u043f\u0435\u0440\u0435\u043d\u043e\u0441\u0438\u043c\u044b\u043c \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u043c \u0444\u0430\u0439\u043b\u043e\u043c, \u0445\u0440\u0430\u043d\u044f\u0449\u0438\u043c\u0441\u044f \u0432 \u00ab%LOCALAPPDATA%\\Debug\\\u00bb. \u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u0441\u0431\u043e\u0435\u0432 \u043f\u0440\u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0438 \u044d\u0442\u043e\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 ZxxZ \u043f\u043e\u0432\u0442\u043e\u0440\u044f\u0435\u0442 \u043f\u043e\u043f\u044b\u0442\u043a\u0443 \u0435\u0449\u0435 225 \u0440\u0430\u0437, \u043f\u0440\u0435\u0436\u0434\u0435 \u0447\u0435\u043c \u0437\u0430\u0432\u0435\u0440\u0448\u0430\u0435\u0442 \u0440\u0430\u0431\u043e\u0442\u0443.\n\n\u041a\u0430\u043a \u0432 \u0438\u043d\u0434\u0438\u0439\u0441\u043a\u043e\u043c \u043a\u0438\u043d\u043e, APT Bitter \u043d\u0435 \u043f\u0435\u0440\u0435\u0441\u0442\u0430\u0435\u0442 \u0443\u0434\u0438\u0432\u043b\u044f\u0442\u044c \u0441\u0432\u043e\u0435\u0439 \u0433\u0438\u043f\u0435\u0440\u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c\u044e, \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u044f \u0441\u0432\u043e\u0439 \u0430\u0440\u0441\u0435\u043d\u0430\u043b \u043d\u043e\u0432\u044b\u043c\u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0438 \u0438 \u043f\u0440\u0438\u043b\u0430\u0433\u0430\u044f \u0431\u043e\u043b\u044c\u0448\u0435 \u0443\u0441\u0438\u043b\u0438\u0439 \u0434\u043b\u044f \u0441\u043e\u043a\u0440\u044b\u0442\u0438\u044f \u0441\u0432\u043e\u0435\u0433\u043e \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u0432 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445.", "creation_timestamp": "2022-05-13T09:24:05.000000Z"}, {"uuid": "d5fe420a-9236-454e-898c-5c2747270774", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "exploited", "source": "https://t.me/information_security_channel/15313", "content": "New \"ThreadKit\" Office Exploit Builder Emerges\nhttp://feedproxy.google.com/~r/Securityweek/~3/7de3m_eM7i8/new-threadkit-office-exploit-builder-emerges\n\nA newly discovered Microsoft Office document exploit builder kit has been used for the distribution of a variety of malicious payloads, including banking Trojans and backdoors, Proofpoint reports.\nThe exploit builder kit was initially discovered in October 2017, but Proofpoint's researchers have linked it to activity dating back to June 2017. The builder kit shows similarities to Microsoft Word Intruder (MWI), but is a new tool called ThreadKit.\nIn June 2017, the kit was being advertised in a forum post as being able to create documents with embedded executables and embedded decoy documents, and several campaigns featuring such documents were observed that month. The documents would perform an initial check-in to the command and control (C&C) server, a tactic also used by MWI. \nThe documents were targeting CVE-2017-0199 and were focused on downloading and executing a HTA file that would then download the decoy and a malicious VB script to extract and run the embedded executable. The payload was Smoke Loader, which in turn downloaded banking malware.\nIn October, ThreadKit started targeting CVE 2017-8759 as well, but continued to use the initial C&C check-in and the HTA file to execute the embedded executable, Proofpoint says (https://www.proofpoint.com/us/threat-insight/post/unraveling-ThreadKit-new-document-exploit-builder-distribute-The-Trick-Formbook-Loki-Bot-malware). However, changes were made to the manner in which the exploit documents operate and new exploits were integrated as well. \nIn November, ThreadKit was quick to incorporate exploits for new Microsoft Office vulnerabilities, and started being advertised as capable of targeting CVE 2017-11882 too. Soon after, campaigns that featured the previously observed check-in already started to emerge. \nIn February and March 2018, the kit was embedding new exploits, targeting vulnerabilities such as an Adobe Flash zero-day (CVE-2018-4878) and several new Microsoft office vulnerabilities, including CVE-2018-0802 and CVE-2017-8570. \nAt the same time, the researchers noticed a large spike in email campaigns featuring ThreadKit-generated Office attachments packing these exploits. The exploits appear copied from proofs of concept available on a researcher\u2019s GitHub repo. \nAs part of these attacks, the attachments would drop the contained packager objects into the temp folder, then the exploits would execute the dropped scriptlet file, thus leading to the execution of the dropped batch files, which in turn run the executable.\nProofpoint found that not all ThreadKit documents contain a valid URL for the statistics check-in (some contain placeholder URLs). Furthermore, not all documents followed the same execution chain, with some scripts modified to perform other actions, a customization that may be provided as a service by the kit author.\n\u201cIn 2017, several new vulnerabilities entered regular use by threat actors and the first months of 2018 have added to that repertoire. Document exploit builder kits like ThreadKit enable even low-skilled threat actors to take advantage of the latest vulnerabilities to distribute malware. Organizations and individuals can mitigate the risk from ThreadKit and other document exploit-based attacks by ensuring that clients are patched for the latest vulnerabilities in Microsoft office and other applications,\u201d Proofpoint concludes. \nRelated: Microsoft Patches Zero-Day Vulnerability in Office\nRelated: Microsoft Manually Patched Office Component: Researchers", "creation_timestamp": "2018-03-27T17:57:22.000000Z"}, {"uuid": "e5047a9c-d27e-4c08-9fd3-76e28ee686a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://t.me/thehackernews/6093", "content": "\ud83d\uded1 Cloud Atlas is deploying VBShower and PowerShower\u2014malware that operates in stages, infiltrating networks and harvesting credentials. \n \n\ud83d\udcc2 Quick Actions: \n\u2714\ufe0f Patch outdated vulnerabilities like CVE-2018-0802 immediately \n\u2714\ufe0f Monitor for unusual cloud storage activity \n\u2714\ufe0f Deploy advanced monitoring tools for NTFS file changes. \n\u2714\ufe0f Conduct phishing simulations to bolster employee awareness. \n \nFind details here: https://thehackernews.com/2024/12/cloud-atlas-deploys-vbcloud-malware.html", "creation_timestamp": "2024-12-27T12:25:26.000000Z"}, {"uuid": "c826687c-accf-4145-9442-a4c2cadf139a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "exploited", "source": "https://t.me/information_security_channel/29050", "content": "Multiple Chinese Groups Share the Same RTF Weaponizer\nhttp://feedproxy.google.com/~r/Securityweek/~3/5K_97JR4HFw/multiple-chinese-groups-share-same-rtf-weaponizer\n\nDuring an investigation into a possibly shared RTF weaponizer by Indian and Chinese APT groups, researchers have discovered that multiple Chinese groups have updated the weaponizer to exploit the Microsoft Equation Editor (EE) vulnerability CVE-2018-0798. The same weaponizer had previously delivered exploits for EE vulnerabilities CVE-2017-11882 and CVE-2018-0802.\nread more (https://www.securityweek.com/multiple-chinese-groups-share-same-rtf-weaponizer)", "creation_timestamp": "2019-07-03T21:31:08.000000Z"}, {"uuid": "2ba75217-62c7-4c18-a1ed-be1500909183", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/3025", "content": "The Bug That Killed Equation Editor - How We Found, Exploited And Micropatched It (CVE-2018-0802)\nhttps://0patch.blogspot.com.tr/2018/01/the-bug-that-killed-equation-editor-how.html", "creation_timestamp": "2018-01-12T22:03:40.000000Z"}, {"uuid": "a3ebc553-21fc-4309-b719-170d6929af0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "exploited", "source": "https://t.me/canyoupwnme/3661", "content": "CVE-2017-8570 and CVE-2018-0802 exploits being used to spread LokiBot\nhttps://www.zscaler.com/blogs/research/cve-2017-8570-and-cve-2018-0802-exploits-being-used-spread-lokibot", "creation_timestamp": "2018-04-28T00:27:03.000000Z"}, {"uuid": "60f10205-03fb-49bf-80d2-1e4f100b0389", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "Telegram/V1HdJIL4JCLUEE5wbCfm6IRtLRhhrscJwVVe9_woeQfAQwed", "content": "", "creation_timestamp": "2021-08-17T13:01:03.000000Z"}, {"uuid": "38b23d1c-31a2-416a-b123-df9b8bc6d135", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/60", "content": "#exploit\nNew vulnerabilities in Microsoft products\n\n1. CVE-2018-0802:\nEquation Editor in MS Office 2007, 2010, 2013, 2016 - RCE\nhttps://github.com/zldww2011/CVE-2018-0802_POC\n]-> https://github.com/rxwx/CVE-2018-0802\nGenerate RTF exploit payload uses CVE-2017-11882, CVE-2017-8570, CVE-2018-0802, CVE-2018-8174\nhttps://github.com/dcsync/rtfkit\n\n2. CVE-2018-0824:\nRCE in \"Microsoft COM for Windows\"\nhttps://github.com/codewhitesec/UnmarshalPwn\n// This affects Win7, 8.1, 10, RT 8.1, Server 2012 R2, 2008/2008 R2, 2012, 2016\n\n3. CVE-2018-0886:\nCredSSP protocol in MS Windows Server 2008 SP2/R2 SP1, Win7 SP1, 8.1, RT 8.1, Server 2012/R2, Win10 Gold, 1511, 1607, 1703, 1709, Server 2016, 1709 - RCE\nhttps://github.com/preempt/credssp", "creation_timestamp": "2024-10-10T21:06:31.000000Z"}, {"uuid": "898c4fe8-508a-410e-a4ca-e6e7ab28ce2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://t.me/true_secator/8246", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u043d\u043e \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0433\u0440\u0443\u043f\u043f\u044b Cloud Atlas.\n\n\u0412 2025\u00a0\u0433\u043e\u0434\u0443 \u041b\u041a \u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u0443\u044e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c SSH-\u0442\u0443\u043d\u043d\u0435\u043b\u0435\u0439, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0443\u044e \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u0438 \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u0438\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u0432 \u0420\u043e\u0441\u0441\u0438\u0438 \u0438 \u0411\u0435\u043b\u0430\u0440\u0443\u0441\u0438, \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u044f \u0435\u0435 \u0438 \u0432 2026.\n\n\u0412 \u0445\u043e\u0434\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0432 \u041b\u041a \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u043d\u043e\u0432\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0435 \u044d\u0442\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u043e\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0438 IOCs.\n\n\u0413\u0440\u0443\u043f\u043f\u0430 \u0432\u0435\u0440\u043d\u0443\u043b\u0430\u0441\u044c \u043a \u0440\u0430\u0441\u0441\u044b\u043b\u043a\u0435 \u0430\u0440\u0445\u0438\u0432\u043e\u0432 \u0441 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u043c\u0438 \u044f\u0440\u043b\u044b\u043a\u0430\u043c\u0438, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0449\u0438\u043c\u0438 PowerShell-\u0441\u043a\u0440\u0438\u043f\u0442\u044b.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0441\u043e\u0447\u0435\u0442\u0430\u044e\u0442 \u044d\u0442\u0443 \u0442\u0435\u0445\u043d\u0438\u043a\u0443 \u0441 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435\u043c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435, \u043a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0430\u043b\u043e\u0441\u044c \u0440\u0430\u043d\u0435\u0435, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u0441\u0442\u0430\u0440\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0435 \u0444\u043e\u0440\u043c\u0443\u043b Microsoft Office Equation Editor (CVE-2018-0802) \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u0422\u0430\u043a\u0436\u0435 \u0433\u0440\u0443\u043f\u043f\u0430 \u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u043c\u0438 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u043c\u0438 \u0443\u0442\u0438\u043b\u0438\u0442\u0430\u043c\u0438 (Tor, SSH \u0438 RevSocks) \u0434\u043b\u044f \u0437\u0430\u043a\u0440\u0435\u043f\u043b\u0435\u043d\u0438\u044f \u0432 \u0437\u0430\u0440\u0430\u0436\u0435\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 \u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u0445 \u043a\u0430\u043d\u0430\u043b\u043e\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u0442\u0435\u043b\u0435\u043c\u0435\u0442\u0440\u0438\u0438, \u0432 \u043a\u043e\u043d\u0446\u0435 2025 \u0438 \u043d\u0430\u0447\u0430\u043b\u0435 2026\u00a0\u0433\u043e\u0434\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u0446\u0435\u043b\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0435\u043d\u044b \u0432 \u0420\u043e\u0441\u0441\u0438\u0438 \u0438 \u0411\u0435\u043b\u0430\u0440\u0443\u0441\u0438.\n\n\u0421\u0440\u0435\u0434\u0438 \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u043f\u0440\u0435\u043e\u0431\u043b\u0430\u0434\u0430\u044e\u0442 \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0432\u0435\u0434\u043e\u043c\u0441\u0442\u0432\u0430 \u0438 \u0434\u0438\u043f\u043b\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b.\n\n\u0421 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u044c\u044e \u0443\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0441\u0442\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u041b\u041a \u0441\u0432\u044f\u0437\u044b\u0432\u0430\u044e\u0442 \u0434\u0430\u043d\u043d\u0443\u044e \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0441 APT-\u0433\u0440\u0443\u043f\u043f\u043e\u0439 Cloud Atlas, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0440\u0430\u043d\u0435\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u0435 TTPs \u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0432\u0435\u043a\u0442\u043e\u0440 \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430, Python-\u0441\u043a\u0440\u0438\u043f\u0442\u044b \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u0430 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 Tor \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u0440\u0442\u043e\u0432 \u0432 \u0441\u0435\u0442\u044c Tor.\n\n\u041f\u0440\u043e\u0444\u0438\u043b\u044c \u0436\u0435\u0440\u0442\u0432 \u0438 \u0433\u0435\u043e\u0433\u0440\u0430\u0444\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0442 \u0442\u0438\u043f\u043e\u0432\u044b\u043c \u0446\u0435\u043b\u044f\u043c Cloud Atlas.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u043f\u0435\u0440\u0435\u0441\u0435\u0447\u0435\u043d\u0438\u044f \u0441 \u043d\u0435\u0434\u0430\u0432\u043d\u0435\u0439 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c\u044e Head Mare. \u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u044d\u0442\u043e, TTPs \u0433\u0440\u0443\u043f\u043f \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u0440\u0430\u0437\u043b\u0438\u0447\u0430\u044e\u0442\u0441\u044f.\n\n\u0412 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438, \u0431\u044d\u043a\u0434\u043e\u0440 PhantomHeart, \u043f\u0440\u0438\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u043c\u044b\u0439 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0439 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f SSH-\u0442\u0443\u043d\u043d\u0435\u043b\u0435\u0439, \u0440\u0430\u0437\u043c\u0435\u0449\u0430\u043b\u0441\u044f \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430\u0445, \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 Cloud Atlas: C:\\Windows\\ime, C:\\Windows\\System32\\ime, C:\\Windows\\pla, C:\\Windows\\inf, C:\\Windows\\migration, C:\\Windows\\System32\\timecontrolsvc \u0438 C:\\Windows\\SKB.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u0432 \u041b\u041a, \u0443\u0436\u0435 \u0431\u043e\u043b\u0435\u0435 \u0434\u0435\u0441\u044f\u0442\u0438 \u043b\u0435\u0442 Cloud Atlas \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0435\u0442 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442 \u0440\u0430\u0441\u0448\u0438\u0440\u044f\u0442\u044c \u0441\u0432\u043e\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0439.\n\n\u0412 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0433\u043e\u0434\u0443 ReverseSocks, SSH \u0438 Tor \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0440\u0430\u0437\u043d\u044b\u043c\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0432\u043e \u043c\u043d\u043e\u0433\u0438\u0445 \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f\u0445, \u0438 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0433\u0440\u0443\u043f\u043f\u044b Cloud Atlas \u043d\u0435 \u0441\u0442\u0430\u043b\u0438 \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435\u043c.\n\n\u0420\u0435\u0437\u0435\u0440\u0432\u043d\u044b\u0435 \u043a\u0430\u043d\u0430\u043b\u044b \u04212 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u044d\u0442\u0438\u0445 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0443\u0442\u0438\u043b\u0438\u0442 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0443\u0441\u043b\u043e\u0436\u043d\u044f\u044e\u0442 \u0437\u0430\u0434\u0430\u0447\u0443 \u043f\u043e\u043b\u043d\u043e\u0439 \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u044d\u0442\u0438\u0445 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u0432 \u0432 \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445.\n\n\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0438 \u0441\u0432\u0435\u0436\u0438\u0435 IOCs - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2026-05-26T18:00:07.000000Z"}, {"uuid": "fefe8733-8df4-4c46-abd4-b225d44c60c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-e8c8129d-b09e02c4de9c4f4a", "content": "Exploits and vulnerabilities in Q1 2026\nDuring Q1 2026, the exploit kits leveraged by threat actors to target user systems expanded once again, incorporating new exploits for the Microsoft Office platform, as well as Windows and Linux operating systems.\nIn this report, we dive into the statistics on published vulnerabilities and exploits, as well as the known vulnerabilities leveraged by popular C2 frameworks throughout Q1 2026.\nStatistics on registered vulnerabilities\nThis section provides statistical data on registered vulnerabilities. The data is sourced from cve.org.\nWe examine the number of registered CVEs for each month starting from January 2022. The total volume of vulnerabilities continues rising and, according to current reports, the use of AI agents for discovering security issues is expected to further reinforce this upward trend.\nTotal published vulnerabilities per month from 2022 through 2026 (download)\nNext, we analyze the number of new critical vulnerabilities (CVSS > 8.9) over the same period.\nTotal critical vulnerabilities published per month from 2022 through 2026 (download)\nThe graph indicates that while the volume of critical vulnerabilities slightly decreased compared to previous years, an upward trend remained clearly visible. At present, we attribute this to the fact that the end of last year was marked by the disclosure of several severe vulnerabilities in web frameworks. The current growth is driven by high-profile issues like React2Shell, the release of exploit frameworks for mobile platforms, and the uncovering of secondary vulnerabilities during the remediation of previously discovered ones. We will be able to test this hypothesis in the next quarter; if correct, the second quarter will show a significant decline, similar to the pattern observed in the previous year.\nExploitation statistics\nThis section presents statistics on vulnerability exploitation for Q1 2026. The data draws on open sources and our telemetry.\nWindows and Linux vulnerability exploitation\nIn Q1 2026, threat actor toolsets were updated with exploits for new, recently registered vulnerabilities. However, we first examine the list of veteran vulnerabilities that consistently account for the largest share of detections:\n\nCVE-2018-0802: a remote code execution (RCE) vulnerability in the Equation Editor component\nCVE-2017-11882: another RCE vulnerability also affecting Equation Editor\nCVE-2017-0199: a vulnerability in Microsoft Office and WordPad that allows an attacker to gain control over the system\nCVE-2023-38831: a vulnerability resulting from the improper handling of objects contained within an archive\nCVE-2025-6218: a vulnerability allowing the specification of relative paths to extract files into arbitrary directories, potentially leading to malicious command execution\nCVE-2025-8088: a directory traversal bypass vulnerability during file extraction utilizing NTFS Streams\nAmong the newcomers, we have observed exploits targeting the Microsoft Office platform and Windows OS components. Notably, these new vulnerabilities exploit logic flaws arising from the interaction between multiple systems, making them technically difficult to isolate within a specific file or library. A list of these vulnerabilities is provided below:\n\nCVE-2026-21509 and CVE-2026-21514: security feature bypass vulnerabilities: despite Protected View being enabled, a specially crafted file can still execute malicious code without the user\u2019s knowledge. Malicious commands are executed on the victim\u2019s system with the privileges of the user who opened the file.\nCVE-2026-21513: a vulnerability in the Internet Explorer MSHTML engine, which is used to open websites and render HTML markup. The vulnerability involves bypassing rules that restrict the execution of files from untrusted network sources. Interestingly, the data provider for this vulnerability was an LNK file.\nThese three vulnerabilities were utilized together in a single chain during attacks on Windows-based user systems. While this combination is noteworthy, we believe the widespread use of the entire chain as a unified exploit will likely decline due to its instability. We anticipate that these vulnerabilities will eventually be applied individually as initial entry vectors in phishing campaigns.\nBelow is the trend of exploit detections on user Windows systems starting from Q1 2025.\nDynamics of the number of Windows users encountering exploits, Q1 2025 \u2013 Q1 2026. The number of users who encountered exploits in Q1 2025 is taken as 100% (download)\nThe vulnerabilities listed here can be leveraged to gain initial access to a vulnerable system and for privilege escalation. This underscores the critical importance of timely software updates.\nOn Linux devices, exploits for the following vulnerabilities were detected most frequently:\n\nCVE-2022-0847: a vulnerability known as Dirty Pipe, which enables privilege escalation and the hijacking of running applications\nCVE-2019-13272: a vulnerability caused by improper handling of privilege inheritance, which can be exploited to achieve privilege escalation\nCVE-2021-22555: a heap out-of-bounds write vulnerability in the Netfilter kernel subsystem\nCVE-2023-32233: a vulnerability in the Netfilter subsystem that allows for Use-After-Free conditions and privilege escalation through the improper processing of network requests\nDynamics of the number of Linux users encountering exploits, Q1 2025 \u2013 Q1 2026. The number of users who encountered exploits in Q1 2025 is taken as 100% (download)\nIn the first quarter of 2026, we observed a decrease in the number of detected exploits; however, the detection rates are on the rise relative to the same period last year. For the Linux operating system, the installation of security patches remains critical.\nMost common published exploits\nThe distribution of published exploits by software type in Q1 2026 features an updated set of categories; once again, we see exploits targeting operating systems and Microsoft Office suites.\nDistribution of published exploits by platform, Q1 2026 (download)\nVulnerability exploitation in APT attacks\nWe analyzed which vulnerabilities were utilized in APT attacks during Q1 2026. The ranking provided below includes data based on our telemetry, research, and open sources.\nTOP 10 vulnerabilities exploited in APT attacks, Q1 2026 (download)\nIn Q1 2026, threat actors continued to utilize high-profile vulnerabilities registered in the previous year for APT attacks. The hypothesis we previously proposed has been confirmed: security flaws affecting web applications remain heavily exploited in real-world attacks. However, we are also observing a partial refresh of attacker toolsets. Specifically, during the first quarter of the year, APT campaigns leveraged recently discovered vulnerabilities in Microsoft Office products, edge networking device software, and remote access management systems. Although the most recent vulnerabilities are being exploited most heavily, their general characteristics continue to reinforce established trends regarding the categories of vulnerable software. Consequently, we strongly recommend applying the security patches provided by vendors.\nC2 frameworks\nIn this section, we examine the most popular C2 frameworks used by threat actors and analyze the vulnerabilities targeted by the exploits that interacted with C2 agents in APT attacks.\nThe chart below shows the frequency of known C2 framework usage in attacks against users during Q1 2026, according to open sources.\nTOP 10 C2 frameworks used by APTs to compromise user systems, Q1 2026 (download)\nMetasploit has returned to the top of the list of the most common C2 frameworks, displacing Sliver, which now shares the second position with Havoc. These are followed by Covenant and Mythic, the latter of which previously saw greater popularity. After studying open sources and analyzing samples of malicious C2 agents that contained exploits, we determined that the following vulnerabilities were utilized in APT attacks involving the C2 frameworks mentioned above:\n\nCVE-2023-46604: an insecure deserialization vulnerability allowing for arbitrary code execution within the server process context if the Apache ActiveMQ service is running\nCVE-2024-12356 and CVE-2026-1731: command injection vulnerabilities in BeyondTrust software that allow an attacker to send malicious commands even without system authentication\nCVE-2023-36884: a vulnerability in the Windows Search component that enables command execution on the system, bypassing security mechanisms built into Microsoft Office applications\nCVE-2025-53770: an insecure deserialization vulnerability in Microsoft SharePoint that allows for unauthenticated command execution on the server\nCVE-2025-8088 and CVE-2025-6218: similar directory traversal vulnerabilities that allow files to be extracted from an archive to a predefined path, potentially without the archiving utility displaying any alerts to the user\nThe nature of the described vulnerabilities indicates that they were exploited to gain initial access to the system. Notably, the majority of these security issues are targeted to bypass authentication mechanisms. This is likely due to the fact that C2 agents are being detected effectively, prompting threat actors to reduce the probability of discovery by utilizing bypass exploits.\nNotable vulnerabilities\nThis section highlights the most significant vulnerabilities published in Q1 2026 that have publicly available descriptions.\nCVE-2026-21519: Desktop Window Manager vulnerability\nAt the core of this vulnerability is a Type Confusion flaw. By attempting to access a resource within the Desktop Window Manager subsystem, an attacker can achieve privilege escalation. A necessary condition for exploiting this issue is existing authorization on the system.\nIt is worth noting that the DWM subsystem has been under close scrutiny by threat actors for quite some time. Historically, the primary attack vector involves interacting with the NtDComposition* function set.\nRegPwn (CVE-2026-21533): a system settings access control vulnerability\nCVE-2026-21533 is essentially a logic vulnerability that enables privilege escalation. It stems from the improper handling of privileges within Remote Desktop Services (RDS) components. By modifying service parameters in the registry and replacing the configuration with a custom key, an attacker can elevate privileges to the SYSTEM level. This vulnerability is likely to remain a fixture in threat actor toolsets as a method for establishing persistence and gaining high-level privileges.\nCVE-2026-21514: a Microsoft Office vulnerability\nThis vulnerability was discovered in the wild during attacks on user systems. Notably, an LNK file is used to initiate the exploitation process. CVE-2026-21514 is also a logic issue that allows for bypassing OLE technology restrictions on malicious code execution and the transmission of NetNTLM authentication requests when processing untrusted input.\nClawdbot (CVE-2026-25253): an OpenClaw vulnerability\nThis vulnerability in the AI agent leaks credentials (authentication tokens) when queried via the WebSocket protocol. It can lead to the compromise of the infrastructure where the agent is installed: researchers have confirmed the ability to access local system data and execute commands with elevated privileges. The danger of CVE-2026-25253 is further compounded by the fact that its exploitation has generated numerous attack scenarios, including the use of prompt injections and ClickFix techniques to install stealers on vulnerable systems.\nCVE-2026-34070: LangChain framework vulnerability\nLangChain is an open-source framework designed for building applications powered by large language models (LLMs). A directory traversal vulnerability allowed attackers to access arbitrary files within the infrastructure where the framework was deployed. The core of CVE-2026-34070 lies in the fact that certain functions within langchain_core/prompts/loading.py handled configuration files insecurely. This could potentially lead to the processing of files containing malicious data, which could be leveraged to execute commands and expose critical system information or other sensitive files.\nCVE-2026-22812: an OpenCode vulnerability\nCVE-2026-22812 is another vulnerability identified in AI-assisted coding software. By default, the OpenCode agent provided local access for launching authorized applications via an HTTP server that did not require authentication. Consequently, attackers could execute malicious commands on a vulnerable device with the privileges of the current user.\nConclusion and advice\nWe observe that the registration of vulnerabilities is steadily gaining momentum in Q1 2026, a trend driven by the widespread development of AI tools designed to identify security flaws across various software types. This trajectory is likely to result not only in a higher volume of registered vulnerabilities but also in an increase in exploit-driven attacks, further reinforcing the critical necessity of timely security patch deployment. Additionally, organizations must prioritize vulnerability management and implement effective defensive technologies to mitigate the risks associated with potential exploitation.\nTo ensure the rapid detection of threats involving exploit utilization and to prevent their escalation, it is essential to deploy a reliable security solution. Key features of such a tool include continuous infrastructure monitoring, proactive protection, and vulnerability prioritization based on real-world relevance. These mechanisms are integrated into Kaspersky Next, which also provides endpoint security and protection against cyberattacks of any complexity. \nsecurelist.com/vulnerabilities\u2026", "creation_timestamp": "2026-05-07T10:52:23.077482Z"}, {"uuid": "84a9310e-5ae3-4c13-92e6-a5ef01449f98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-ed573033-af39cc92308f9b06", "content": "Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload\nIn 2025, we observed pervasive SSH tunnel activity, which has remained active into 2026, affecting many government organizations and commercial companies in Russia and Belarus. Behind some of this activity is Cloud Atlas, a group we have known since 2014. During our investigation, we identified new tools used by this group, as well as indicators of compromise.\nThe group is back to sending out archives containing malicious shortcuts that launch PowerShell scripts. This technique is employed in addition to the previously described use of malicious documents, which exploit an old vulnerability in the Microsoft Office Equation Editor process (CVE-2018-0802) to download and execute malicious code. We have observed the use of third-party public utilities (Tor/SSH/RevSocks) to gain a foothold in infected systems and create additional backup control channels.\nTechnical details\nInitial infection\nAs for the primary compromise, Cloud Atlas remains consistent in using phishing. In the observed campaigns, the attackers emailed a ZIP archive containing an LNK file as an attachment.\nMalware execution flow\nAttackers use LNK shortcuts to covertly execute PowerShell scripts hosted on external resources. The command line of the shortcut:\nExample of the PowerShell script downloaded and executed by the shortcut:\nExample of the PowerShell script downloaded by the shortcut\nActions performed by the downloaded PowerShell:StepActionDescription1 Drops \u201c$temp\\fixed.ps1\u201dPre-staging: places the main payload locally in advance to ensure an execution capability independent of subsequent network connectivity or C2 availability.2Creates \u201cRun\u201d registry key \u201cYandexBrowser_setup\u201d for \u201c$temp\\fixed.ps1\u201d startupEarly persistence: guarantees execution upon the next logon or reboot. If the script is interrupted during later stages, the payload will still activate automatically.3Downloads and drops \u201c$temp\\rar.zip\u201dExtracts \u201c*.pdf\u201d from the downloaded  \u201c$temp\\rar.zip\u201dPayload delivery: retrieves the decoy archive from the remote server to prepare user-facing content for the distraction phase.4Extracts \u201c*.pdf\u201d from the downloaded  \u201c$temp\\rar.zip\u201dDecoy preparation: unpacks the legitimate-looking document so it can be executed silently without requiring user interaction.6Opens extracted decoy document \u201c*.pdf\u201d with user\u2019s default softwareUser distraction: opens a convincing document to maintain user engagement and creates a legitimate workflow appearance to buy additional 30\u2013120 seconds for background operations.6Executes  \u201ctaskkill.exe /F /Im winrar.exe\u201dProcess concealment: terminates the archive extractor to prevent the user from seeing the archive contents or noticing unexpected file extraction activity.7Searches and deletes \u201crar.zip\u201d, \u201c*.pdf.zip\u201d and \u201c*.pdf.lnk\u201dAnti-forensic cleanup: removes the initial infection artifacts before activating the main payload, reducing the number of disk traces available for incident response or EDR correlation.8Executes  \u201c$temp\\fixed.ps1\u201dControlled execution: launches the main payload only after persistence is secured, the user is distracted, and access traces are cleaned up.\nFixed.ps1 (loader)\nThe primary purpose of the Fixed.ps1 script is to deliver and install subsequent malware onto the compromised system, specifically VBCloud and PowerShower. Fixed.ps1 establishes persistence (by adding itself to registry Run keys), creates a decoy for the user (by opening a PDF document), and executes the next stages of the attack.\nFixed.ps1::Payload (VBCloud dropper)\nExample of the fixed.ps1::Payload (VBCloud dropper)\nThis module functions as a dropper for the VBCloud backdoor. It drops two files onto the infected machine:\n\nvideo.vbs: the loader of the backdoor,VBCloud::Launcher. This is a VBScript that decrypts the contents of video.mds (typically using RC4 with a hardcoded key) and executes it in memory.\nvideo.mds: the encrypted body of the backdoor, VBCloud::Backdoor. This is the main module that connects to a C2 server to receive additional scripts or execute built-in commands. This backdoor is designed to function as a stealer, specifically targeting files with extensions of interest (such as DOC, PDF, XLS) and exfiltrating them.\n\nFixed.ps1::Payload (PowerShower)\nThis module installs a second backdoor called PowerShower on the system. We don\u2019t have the specific script that performs this installation, but we assume it\u2019s performed by a script similar to fixed.ps1::Payload (VBCloud dropper).\nUnlike VBCloud, which focuses on file theft, PowerShower is primarily used for network reconnaissance and lateral movement within the victim\u2019s infrastructure. PowerShower can perform the following tasks:\n\nCollect information about running processes, administrator groups, and domain controllers.\nDownload and execute PowerShell scripts from the C2 server.\nConduct \u201cKerberoasting\u201d attacks (stealing password hashes of Active Directory accounts).\nPowerShower is dropped onto the system via the path \u2018C:\\Users\\[username]\\Pictures\\googleearth.ps1\u2019.\nContents of the googleearth.ps1(PowerShower)\nPowerShower::Payload (credential grabber)\nPowerShower downloads an additional script for stealing credentials. It performs the following actions:\n\nCreates a Volume Shadow Copy of the C:\\ drive.\nCopies the SAM (stores local user password hashes) and SECURITY system files from this shadow copy to C:\\Users\\Public\\Documents\\, disguising them as PDF files.\nThe script is launched in several stages. To execute with high privileges, the script uses a UAC bypass technique via fodhelper.exe (a built-in Windows utility). This allows PowerShell to run as an administrator without directly prompting the user, which could otherwise raise suspicion.\nThe full launch chain looks like this:\nThe full Base64-decoded script is given below.\n\nMulti-user RDP by patching termsrv.dll\nMoving laterally across the victim\u2019s network, the attackers executed a suspicious PowerShell script named rdp_new.ps1 (MD5 1A11B26DD0261EF27A112CE8B361C247):\nThe script is designed to allow multiple RDP sessions in Windows 10 by patching the termsrv.dll file. Termsrv.dll is the core Windows library that enforces Remote Desktop Services rules.\nBy default, Windows limits the number of simultaneous RDP sessions. Removing this restriction allows attackers to operate on the machine in the background without disconnecting the legitimate user, thereby reducing the likelihood of detection.\nAt first, the script enables RDP on the firewall and downgrades the RDP security settings:\nBefore modifying termsrv.dll, the script takes ownership and assigns itself full permissions. Then the script finds the sequence of bytes 39 81 3C 06 00 00 ?? ?? ?? ?? ?? ?? and replaces it with B8 00 01 00 00 89 81 38 06 00 00 90. After these manipulations, the script restarts the RDP service.\nExample of script\nThe patched version allows multiple concurrent logins so attackers can stay connected without disrupting the legitimate user, thereby reducing suspicion.\nReverse SSH tunneling\nAs mentioned above, during this wave of attacks, the adversaries widely deployed reverse SSH tunnels to many hosts of interest. The compromised machine initiates an SSH connection to an attacker-controlled server, which allows attackers to bypass standard firewall rules via establishing outbound connections.\nThat way, even if the primary backdoor is discovered, the attackers can maintain control through the SSH tunnel.\nTo install a reverse SSH tunnel on a victim\u2019s host, the attackers run VBS scripts via PAExec or PsExec.\nWe\u2019ve seen three types of scripts:\n\nGen.vbs (WriteToSchedulerGenerateKey.vbs) generates key for SSH tunnel.\nRun.vbs (WriteToSchedulerRunSSH.vbs) runs reverse SSH tunnel.\nKill.vbs (WriteToSchedulerKillSSH.vbs) stops reverse SSH tunnel via taskkill.exe.\nTo achieve persistence, the attackers added a new scheduled task in Windows:\nIn some cases, before establishing a reverse SSH tunnel, attackers set new access permissions to the folder containing the private key to prevent the legitimate user or system administrators from easily accessing or modifying it:\n\nPatched OpenSSH\nSome OpenSSH binaries used by the attackers had their imports modified. Instead of libcrypto.dll, the SSH executable imports syruntime.dll, which was placed in the same folder as the binary. This was likely done to evade detection and ensure stealth.\nIn addition, we found a portable version of OpenSSH, presumably compiled by the adversaries:\n\nRevSocks\nIn addition to Reverse SSH tunnels, the attackers installed RevSocks using the same infrastructure. RevSocks is an alternative tool to SSH for establishing tunnels and proxy connections, written in Golang. This tool allows direct connection to workstations on the local network. It also allows attackers to gain access to other segments of the victim\u2019s network by using the machine as a gateway. In some cases, C2 addresses were hardcoded into the binary; in other cases, the C2 was passed in command line arguments.\nThere were also reverse SOCKS samples with hardcoded C2 addresses:\n\nTor tunneling\nTo maintain control over the compromised host, the Tor network was used in some cases. A minimal set of a Tor executable and configuration files, necessary for launching HiddenService, was copied to the system directories of infected devices. The name of the Tor Browser executable file was modified. As a result, the infected machine was accessible via RDP from the Tor network when accessing the generated .onion domain.Below is an example of a configuration file for routing connections from Tor to RDP ports on the local network, as well as example command lines for logging into Tor.\nExample of TOR configuration file\nPowerCloud\nWe analyzed a new Cloud Atlas tool, PowerCloud. It collects user data with administrator privileges and writes this information to Google Sheets in Base64 format.\nThe tool represents an obfuscated PowerShell script. In most cases, it is packaged into an executable file using the PS2EXE utility, but we have also encountered variants in the form of a separate PowerShell script.\nTo find administrators on the victim host, the tool executes the following command:\nThis information is appended with the computer name and current date, the data is encoded in base64, and then the collected data is added to an existing Google Sheet.\nPowerCloud script\nBrowser checker\nAdditionally, the attackers used another PowerShell script (MD5 5329F7BFF9D0D5DB28821B86C26D628F), compiled into an executable file via PS2EXE, which checks whether browser processes (Chrome, Edge, Firefox, and other) are running. This helps detect when the user is working on the computer. This can be used to choose the optimal time for conducting attacks (for example, when the user is away but their browser is still open) or simply to gather information about the victim\u2019s habits.\nThe information about running browsers is written to a log file on the local host.\nFragment of the deobfuscated script\nVictims\nAccording to our telemetry, in late 2025 and early 2026, the identified targets of the described malicious activities are located in Russia and Belarus. The targeted industries mostly include government agencies and diplomatic entities.\nWe attribute the activity described in this report to the Cloud Atlas APT group with a high degree of confidence. The group used techniques and tools described previously, such as the initial access vector, the Python script for information gathering, and the Tor application for forwarding ports to the Tor network. The victim profile and geography also matches the Cloud Atlas targets.\nWe couldn\u2019t help but notice some parallels with recent Head Mare activity. The PhantomHeart backdoor (available in Russian only), attributed to Head Mare and used to create an SSH tunnel, was placed in directories actively used by Cloud Atlas:\n\nC:\\Windows\\ime\nC:\\Windows\\System32\\ime\nC:\\Windows\\pla\nC:\\Windows\\inf\nC:\\Windows\\migration\nC:\\Windows\\System32\\timecontrolsvc\nC:\\Windows\\SKB\nHowever, TTPs are still differentiated.\nConclusion\nFor more than ten years, the Cloud Atlas group has continued its activities and expanded its arsenal. Over the course of last year, many targeted campaigns in general were found to employ ReverseSocks, SSH and Tor, and the use of these utilities was no exception for Cloud Atlas. Creating such backup control channels using publicly available utilities significantly complicates the complete disruption of attackers\u2019 actions on compromised systems. We will continue to closely monitor the group\u2019s activity and describe their new tools and techniques.\nIndicators of compromise\nPowerCloud\n7A95360B7E0EB5B107A3D231ABBC541A  C:\\Windows\\wininet.exeC0D1EAA15A2CEFBAB9735787575C8D8E C:\\Windows\\LiveKernelReports\\update.exeD5B38B252CF212A4A32763DE36732D40   C:\\Windows\\ime\\imejp\\dicts\\i39884.exe3C75CEDB1196DF5EAB91F31411ED4B33  C:\\pla\\reports.exe42AC350BFBC5B4EB0FEDBA16C81919C7   C:\\ProgramData\\update_[redacted].exe493B901D1B33EB577DB64AADD948F9CE  C:\\Windows\\migration\\wtr\\MicrosoftBrowser.exe2CABB721681455DAE1B6A26709DEF453  C:\\Windows\\pla\\reports\\winlog.exe1B39E86EB772A0E40060B672B7F574F1 C:\\Windows\\System32\\timecontrolsvc\\vmnetdrv64.exe1D401D6E6FC0B00AAA2C65A0AC0CFD6B C:\\Windows\\setup\\scripts\\install\\software\\activation\\aact\\dfsvc.exe40A562B8600F843B717BC5951B2E3C29  C:\\Windows\\branding\\scat.exeF721A76DEB28FD0B80D27FCE6B8F5016  C:\\Windows\\ime\\imekr\\dicts\\dfsvc.exeD3C8AFD22BAA306FF659DB1FAC28574A  C:\\ProgramData\\update_[redacted].exe6D7B2D1172BBDB7340972D844F6F0717 C:\\Users\\[redacted]\\AppData\\Local\\1c\\1cv8\\1cv8ud.exeC:\\Users\\[redacted]\\AppData\\Local\\1c\\1cv8\\svc.exe9769F43B9DE8D19E803263267FA6D62E C:\\Users\\[redacted]\\AppData\\Local\\1c\\1cv8\\1cv8ud.exe63B6BE9AE8D8024A40B200CCCB438F1D  C:\\Windows\\notepad.exe6AA586BCC45CA2E92A4F0EF47E086FA1  C:\\Windows\\splwow32.exeEBA3BCDB19A7E256BF8E2CC5B9C1CCA9   C:\\Users\\[redacted]\\Desktop\\soc\\stant.exeB4E183627B7399006C1BC47B3711E419  C:\\WINDOWS\\ime\\service.exeF56B31A4B47AD3365B18A7E922FBA1A8  dfsvc.exeF6F62456FB0FCC396FB654CBED339BC3   \u201325C8ED0511375DCA57EF136AC3FA0CCA   C:\\branding\\dwmw.exe\nBrowser checker\n5329F7BFF9D0D5DB28821B86C26D628F  C:\\ProgramData\\checker_[redacted].exe\nReverseSocks\n2B4BA4FACF8C299749771A3A4369782E  C:\\Windows\\PLA\\System\\bounce.exeC:\\Windows\\pla\\print_status.exeBA9CE06641067742F2AFC9691FAFF1DC   C:\\ProgramData\\hp\\client.exeFB0F8027ACF1B1E47E07A63D8812ED50   C:\\Windows\\System32\\timecontrolsvc\\vmnetdrv64.exeBBF1FA694122E07635DEEAC11AD712F8   C:\\Windows\\System32\\HostManagement.exeF301AA3D62B5095EEC4D8E34201A4769   C:\\Windows\\ime\\imejp\\msfu.exeF9C3BBE108566D1A6B070F9C5FB03160   C:\\Windows\\ime\\imetc\\help\\IMTCEN14.exe\nMalicious MS Office documents\n369B75BDCDED16469EDE7AB8BEDCFAE19EAAE9491F6A50D6DF0BE393734A44CB3E6E9DF00A764B348EC611EE8504ACA09BD788F285E32A05E6591D1EB36EBFFCF42085522EC2EBB16EDCF814E7C330AD2042EB5D52F0B535A1CE6B6F954C8C2B2AA1E9765EF6B00B94A9B6BE0041436A36120F5E9411BCBAC7104EF3FA964ED25000A353399500BC78381DC95B6ED2DC579A9952D31CAD801A3988DBE7914CE7867B634588C0FD6B26684D502C15AB0338FA4306FA4406BA31CF171AF4D36E3483EDDE9F7EEEFAC0363413972F35572BCC751619BFEC0DC4607C17112B9E3B2CA632858F14B36F03D0F213F5F5D6BFF2097CA205AD9E3B72018750280904718C69121C36EB8BF77962DCA825FCFFD873C5702EB250F855C8C872FFFB9BB656EDED34F5A136FBA4FDEA976570FAA33ED70577DB70844E88B32B954906E2F2079828ECF8FB6719E14231B94B4D37629B0E0857C84B62289A1A9F29E19244E9A4990C514E137860F489E3801213460EF93850568B1F9335A7E3BA4E5DF035A8FB867F776AD200287D6DE14A29158C45717951F7F794ED43FB90D0F8EBBB5EFFE628B8C753DD254509FBA5077FFD5067EAB0BC3739DEC8CD8F54F3F60A85F3ED600EEC076CD21C483A40156F4E40D08DADED216CB7F31D383C0DD892B284DF05A495116F59E70A9DF97F4ADAEA71EECB1E9A7242AC065B50BCDE9308756B49DBADCB8158552950D2E13B075001CE0C52AA97A75DBED984963B9AB21309C5B2F8FD9B0320DD389FDBAB25D46792BD2817675E5339D1A666F3E40FE756505CF1D87D4B67D7E3AEEB673BF60C59361C12A4ED8189572F0ED20791A5AC9FC4267D67CCB0B6AAE073E7BFEBF4D643C2BBEB5C02E1344CA9EA07CD4AC90EF27F8890D4EC05\nDomains and IPs\nReverse SSH/Socks domains\ntenkoff[.]orgcloudguide[.]ingoverru[.]comkufar[.]orgultimatecore[.]netspbnews[.]netonedrivesupport[.]net\nMalicious and compromised domains used in MS Office documents\namerikastaj[.]combigbang[.]mepaleturquoise-dragonfly-364512.hostingersite[.]comwizzifi[.]comtotallegacy[.]orgmamurjor[.]comlandscapeuganda[.]comlafortunaitalian.co[.]ukkommando[.]liveinternationalcommoditiesllc[.]comhumanitas[.]sifishingflytackle[.]comfirsai.tipshub[.]netalnakhlah.com[.]saallgoodsdirect.com[.]auagenciakharis.com[.]br\nPowershell payload staging\nistochnik[.]orgznews[.]netiinvestika-club[.]com194.102.104[.]20746.17.45[.]5646.17.45[.]4946.17.44[.]12546.17.44[.]212185.22.154[.]73194.87.196[.]163195.58.49[.]993.125.114[.]19393.125.114[.]5745.87.219[.]11637.228.129[.]224185.53.179[.]136185.126.239[.]775.181.21[.]75146.70.53[.]17145.15.65[.]134185.250.181[.]20781.30.105[.]71\nFile paths\nVBS scripts\nWriteToSchedulerKillSSH.vbsCreate_task_day.vbsWriteToSchedulerGenerateKey.vbsC:\\Windows\\INF\\Run.vbsc:\\Windows\\INF\\install.vbsUpdate.vbsc:\\Windows\\PLA\\System\\Gen.vbsC:\\Windows\\INF\\GenK.vbsc:\\Windows\\PLA\\System\\Kill.vbsc:\\Windows\\PLA\\System\\Run.vbs\nssh.exe\nc:\\Windows\\ime\\imejp\\Asset.exec:\\Windows\\PLA\\System\\conhosts.exec:\\Windows\\INF\\BITS\\esentprf.exec:\\Windows\\INF\\MSDTC\\RuntimeBrokers.exec:\\Windows\\inf\\diagnostic.exe\nReverseSocks\nC:\\Windows\\PLA\\System\\bounce.exeC:\\ProgramData\\hp\\client.exeC:\\Windows\\System32\\timecontrolsvc\\vmnetdrv64.exe\nTor client\nC:\\Windows\\Resources\\Update\\Intel.exeC:\\Windows\\INF\\package.exe \nsecurelist.com/cloud-atlas-202\u2026", "creation_timestamp": "2026-05-22T09:57:40.239984Z"}, {"uuid": "d7c35731-f446-4262-b1c7-bcdd195963be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://infosec.exchange/users/technadu/statuses/116618899685300978", "content": "Cloud Atlas APT campaigns targeting Russia & Belarus are leveraging phishing, CVE-2018-0802, SSH tunnels, and a new \u201cPowerCloud\u201d tool that exfiltrates data into Google Sheets.\nhttps://www.technadu.com/cloud-atlas-apt-targets-russia-and-belarus-government-and-diplomatic-entities-with-powercloud-tool/628312/\n#CyberSecurity #ThreatIntel #APT #InfoSec #Malware", "creation_timestamp": "2026-05-22T15:19:52.074444Z"}, {"uuid": "404b1798-20b1-4f96-9008-62287be34c85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://bsky.app/profile/technadu.com/post/3mmhaegolq22d", "content": "Cloud Atlas APT is reportedly targeting government & diplomatic entities in Russia and Belarus using phishing emails, CVE-2018-0802 exploits, and a new \u201cPowerCloud\u201d exfiltration tool that writes stolen data into Google Sheets.\n\n#CyberSecurity #APT #ThreatIntel #InfoSec", "creation_timestamp": "2026-05-22T15:22:38.936176Z"}, {"uuid": "570126c8-ed2a-4d52-9812-52c9fb1e0735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0802", "type": "seen", "source": "https://bsky.app/profile/technadu.com/post/3mmhag5r7zk2d", "content": "Cloud Atlas APT is reportedly targeting government & diplomatic entities in Russia and Belarus using phishing emails, CVE-2018-0802 exploits, and a new \u201cPowerCloud\u201d exfiltration tool that writes stolen data into Google Sheets.\n\n#CyberSecurity #APT #ThreatIntel #InfoSec", "creation_timestamp": "2026-05-22T15:22:39.513785Z"}]}