Source |
Palo Alto Network |
Identifiant |
274261 |
Date de publication |
2016-12-15 13:00:05 (vue: 2016-12-15 13:00:05) |
Titre |
Let It Ride: The Sofacy Group\'s DealersChoice Attacks Continue |
Texte |
Recently, Palo Alto Networks Unit 42 reported on a new exploitation platform that we called “DealersChoice†in use by the Sofacy group (AKA APT28, Fancy Bear, STRONTIUM, Pawn Storm, Sednit).  As outlined in our original posting, the DealersChoice exploitation platform generates malicious RTF documents which in turn use embedded OLE Word documents. These embedded OLE Word documents then contain embedded Adobe Flash (.SWF) files that are designed to exploit Abode Flash vulnerabilities. At the time of initial reporting, we found two variants: Variant A: A standalone variant that included Flash …
|
Envoyé |
Oui |
Condensat |
abode adobe alto appeared apt28 are attacks bear blog called contain continue dealerschoice designed documents embedded exploit exploitation fancy files first flash found generates group included initial let malicious networks new ole original outlined palo pawn platform post posting recently reported reporting ride: rtf sednit sofacy standalone storm strontium swf then these time turn two unit use variant variants: vulnerabilities which word â as “dealerschoice†|
Tags |
|
Stories |
APT 28
|
Notes |
|
Move |
|