CVE-2017-8570

EtterSilent has been advertised in a Russian cybercrime forum and comes in two versions. One exploits a vulnerability in Microsoft Office, CVE-2017-8570, and one uses a malicious macro.

Hackers are using a new, malleable malicious document builder known as EtterSilent. The tool comes in two versions –– one exploits a vulnerability in Microsoft Office, CVE-2017-8570, and one uses a malicious macro.

Maldoc (CVE-2017-8570) drops #Makop #ransomware. IOCs: 40e52901b36981803ed70fdb38a78537aa03658ecd8b17c9797f92b7b135d955 95.216.86[.]40/X.exe c5ec4ced753e67fba6b0b4a720f5bb6611fbbaa6f74e9369193735d42258a0c0

(Same from about 12 hours ago.) I think that the third retweeted(23 times) tweet that contains CVE ID between Jan 18 2021 17:01 UTC and Jan 19 2021 17:00 UTC is: /MBThreatIntel/status/1351222446888783877 It has CVE-2017-8570. #l24_cj237mtjdexma

CVE-2017-8570 Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote ... https://t.co/e3Gdhw8cCW?amp=1 Get alerted before hackers: https://t.co/xRmEKSqAVx?amp=1

(Same from about 10 hours ago.) I think that the third retweeted(21 times) tweet that contains CVE ID between Jan 18 2021 15:01 UTC and Jan 19 2021 15:00 UTC is: /MBThreatIntel/status/1351222446888783877 It has CVE-2017-8570. #l24_cj237mtjdexma

(Same from about 4 hours ago.) I think that the second retweeted(13 times) tweet that contains CVE ID between Jan 17 2021 23:01 UTC and Jan 18 2021 23:00 UTC is: /MBThreatIntel/status/1351222446888783877 It has CVE-2017-8570. #l24_cj237mtjdexma

CVE-2017-8570 Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from ... https://t.co/e3Gdhw8cCW?amp=1

#cybercrime, the CVE-2017-8570 vulnerability exploited to spread #agenttesla. /csirt_it #CyberSecurity experts: The information of interest is then exfiltered via #smtp. #infosec