Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.MS17-010.NASL
HistoryMar 20, 2017 - 12:00 a.m.

MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya) (uncredentialed check)

2017-03-2000:00:00
This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7927
JSON

The remote Windows host is affected by the following vulnerabilities :

  • Multiple remote code execution vulnerabilities exist in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted packet, to execute arbitrary code. (CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148)

  • An information disclosure vulnerability exists in Microsoft Server Message Block 1.0 (SMBv1) due to improper handling of certain requests. An unauthenticated, remote attacker can exploit this, via a specially crafted packet, to disclose sensitive information. (CVE-2017-0147)

ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY are four of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers. WannaCry / WannaCrypt is a ransomware program utilizing the ETERNALBLUE exploit, and EternalRocks is a worm that utilizes seven Equation Group vulnerabilities. Petya is a ransomware program that first utilizes CVE-2017-0199, a vulnerability in Microsoft Office, and then spreads via ETERNALBLUE.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(97833);
  script_version("1.30");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/25");

  script_cve_id(
    "CVE-2017-0143",
    "CVE-2017-0144",
    "CVE-2017-0145",
    "CVE-2017-0146",
    "CVE-2017-0147",
    "CVE-2017-0148"
  );
  script_bugtraq_id(
    96703,
    96704,
    96705,
    96706,
    96707,
    96709
  );
  script_xref(name:"EDB-ID", value:"41891");
  script_xref(name:"EDB-ID", value:"41987");
  script_xref(name:"MSFT", value:"MS17-010");
  script_xref(name:"IAVA", value:"2017-A-0065");
  script_xref(name:"MSKB", value:"4012212");
  script_xref(name:"MSKB", value:"4012213");
  script_xref(name:"MSKB", value:"4012214");
  script_xref(name:"MSKB", value:"4012215");
  script_xref(name:"MSKB", value:"4012216");
  script_xref(name:"MSKB", value:"4012217");
  script_xref(name:"MSKB", value:"4012606");
  script_xref(name:"MSKB", value:"4013198");
  script_xref(name:"MSKB", value:"4013429");
  script_xref(name:"MSKB", value:"4012598");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/03");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/08/10");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/15");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/27");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/14");

  script_name(english:"MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya) (uncredentialed check)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is affected by the following vulnerabilities :

  - Multiple remote code execution vulnerabilities exist in
    Microsoft Server Message Block 1.0 (SMBv1) due to
    improper handling of certain requests. An
    unauthenticated, remote attacker can exploit these
    vulnerabilities, via a specially crafted packet, to
    execute arbitrary code. (CVE-2017-0143, CVE-2017-0144,
    CVE-2017-0145, CVE-2017-0146, CVE-2017-0148)

  - An information disclosure vulnerability exists in
    Microsoft Server Message Block 1.0 (SMBv1) due to
    improper handling of certain requests. An
    unauthenticated, remote attacker can exploit this, via a
    specially crafted packet, to disclose sensitive
    information. (CVE-2017-0147)

ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY are
four of multiple Equation Group vulnerabilities and exploits disclosed
on 2017/04/14 by a group known as the Shadow Brokers. WannaCry /
WannaCrypt is a ransomware program utilizing the ETERNALBLUE exploit,
and EternalRocks is a worm that utilizes seven Equation Group
vulnerabilities. Petya is a ransomware program that first utilizes
CVE-2017-0199, a vulnerability in Microsoft Office, and then spreads
via ETERNALBLUE.");
  # https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-010
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?68fc8eff");
  # https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?321523eb");
  # https://cloudblogs.microsoft.com/microsoftsecure/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/?source=mmpc
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?065561d0");
  # https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d9f569cf");
  script_set_attribute(attribute:"see_also", value:"https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/");
  # https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b9d9ebf9");
  # https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8dcab5e4");
  # https://www.theregister.co.uk/2017/01/18/uscert_warns_admins_to_kill_smb_after_shadow_brokers_dump/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?234f8ef8");
  # https://www.riskbasedsecurity.com/2016/08/the-shadow-brokers-lifting-the-shadows-of-the-nsas-equation-group/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4c7e0cf3");
  script_set_attribute(attribute:"see_also", value:"https://github.com/stamparm/EternalRocks/");
  # https://www.tenable.com/blog/petyanotpetya-ransomware-detection-for-the-modern-enterprise
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?59db5b5b");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows Vista, 2008, 7,
2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016. Microsoft has also
released emergency patches for Windows operating systems that are no
longer supported, including Windows XP, 2003, and 8.

For unsupported Windows operating systems, e.g. Windows XP, Microsoft
recommends that users discontinue the use of SMBv1. SMBv1 lacks
security features that were included in later SMB versions. SMBv1 can
be disabled by following the vendor instructions provided in Microsoft
KB2696547. Additionally, US-CERT recommends that users block SMB
directly by blocking TCP port 445 on all network boundary devices. For
SMB over the NetBIOS API, block TCP ports 137 / 139 and UDP ports 137
/ 138 on all network boundary devices.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-0148");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'SMB DOUBLEPULSAR Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/03/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/20");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2017-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("os_fingerprint.nasl", "smb_v1_enabled_remote.nasl");
  script_require_keys("Host/OS", "SMB/SMBv1_is_supported");
  script_require_ports(139, 445);

  exit(0);
}

include("audit.inc");
include("misc_func.inc");
include("byte_func.inc");
include("global_settings.inc");
include("smb_func.inc");

function smb_get_error_code (data)
{
 local_var header, flags2, code;

 # Some checks in the header first
 header = get_smb_header (smbblob:data);
 if (!header)
   return NULL;

 flags2 = get_header_flags2 (header:header);
 if (flags2 & SMB_FLAGS2_32BIT_STATUS)
 {
   code = get_header_nt_error_code (header:header);
 }
 else
 {
   code = get_header_dos_error_code (header:header);
 }

 return code;
}


function my_smb_trans_and_x (setup, transname, param, data, max_pcount, max_dcount)
{
 local_var header, parameters, dat, packet, ret, pad1, trans, p_offset, d_offset, plen, dlen, slen, pad2, npad;

 npad = pad1 = pad2 = NULL;

 if (session_is_unicode () == 1)
  trans = cstring (string:transname);
 else
  trans = transname;

 header = smb_header (Command: SMB_COM_TRANSACTION,
                      Status: nt_status (Status: STATUS_SUCCESS));

 p_offset = 32 + 1 + 28 + strlen(setup) + 2 + strlen(trans);

 # Unicode transname should be aligned to 2 byte 
 if(session_is_unicode() == 1)
 {
  npad = crap(data:'\x00', length: (2 - p_offset % 2) % 2);
  p_offset += strlen(npad);
 }

 # Parameter is aligned to 4 byte
 pad1 = crap(data:'\x00', length: (4 - p_offset % 4) % 4);
 p_offset += strlen(pad1);

 # Data is aligned to 4 byte
 d_offset = p_offset + strlen (param);
 pad2 = crap(data:'\x00', length: (4 - d_offset % 4) % 4);
 d_offset += strlen(pad2);

 plen = strlen(param);
 dlen = strlen(data);
 slen = strlen(setup);

 if(isnull(max_pcount)) max_pcount =0xffff;
 if(isnull(max_dcount)) max_dcount =0xffff;

 parameters = 
        raw_word (w:plen)       +   # total parameter count
	      raw_word (w:dlen)       +   # total data count
	      raw_word (w:max_pcount) +   # Max parameter count
	      raw_word (w:max_dcount) +   # Max data count
	      raw_byte (b:0)          +   # Max setup count
        raw_byte (b:0)          +   # Reserved
	      raw_word (w:0)          +   # Flags
	      raw_dword (d:0)         +   # Timeout
	      raw_word (w:0)          +   # Reserved
	      raw_word (w:plen)       +   # Parameter count
	      raw_word (w:p_offset)   +   # Parameter offset
	      raw_word (w:dlen)       +   # Data count
	      raw_word (w:d_offset)   +   # Data offset
	      raw_byte (b:slen/2)     +   # Setup count
	      raw_byte (b:0);             # Reserved

 parameters += setup;

 parameters = smb_parameters (data:parameters);

 dat = npad +
       trans +
       pad1 +
       param +
       pad2 +
       data;

 dat = smb_data (data:dat);

 packet = netbios_packet (header:header, parameters:parameters, data:dat);

 return packet;
}


#
# MAIN
#

# Make sure it's Windows 
os = get_kb_item_or_exit("Host/OS");
if ("Windows" >!< os)
  audit(AUDIT_HOST_NOT, "Windows"); 
  
# Make sure SMBv1 is enabled
if (! get_kb_item("SMB/SMBv1_is_supported"))
  exit(0, "SMB version 1 does not appear to be enabled on the remote host."); 

if (!smb_session_init(smb2:FALSE)) audit(AUDIT_FN_FAIL, 'smb_session_init');

r = NetUseAdd(share:"IPC$");
if (r != 1)
{
  exit(1, 'Failed to connect to the IPC$ share anonymously.');
}

fid = 0; # Invalid FID 
setup = raw_word (w:0x23) + raw_word (w:fid);  

packet = my_smb_trans_and_x (setup: setup, transname:"\PIPE\");
ret = smb_sendrecv (data:packet);
if (ret)
  status = smb_get_error_code (data:ret);
else
  status = NULL;

NetUseDel();

if(! isnull(status))
{
  if(status == STATUS_INVALID_HANDLE
    ||  status == STATUS_ACCESS_DENIED # Win 10
  )
  {
    audit(AUDIT_HOST_NOT , "affected"); 
  }
  else if (status == STATUS_INSUFF_SERVER_RESOURCES)
  {
    port = kb_smb_transport();

    report = 'Sent:\n';
    report += ereg_replace(pattern:"([0-9a-f]{1,80})", replace:'\\1\n', string:hexstr(packet)) + '\n';
    report += 'Received:\n';
    report += ereg_replace(pattern:"([0-9a-f]{1,80})", replace:'\\1\n', string:hexstr(ret));

    security_report_v4(port: port, severity: SECURITY_HOLE, extra: report);
  }
  else
  {
    status = "0x" + toupper(hexstr(mkdword(status)));
    audit(AUDIT_RESP_BAD, port, "an SMB_COM_TRANSACTION request. Status code: " + status);
  }
}
else
{
  exit(1, "Failed to get response status for an SMB_COM_TRANSACTION request."); 
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

nessus 2
seebug 3
mskb 7
packetstorm 10
openvas 9
kaspersky 1
zdt 12
rapid7community 9
f5 1
attackerkb 6
cve 7
prion 7
huawei 1
trendmicroblog 4
mmpc 5
threatpost 15
canvas 2
avleonov 2
thn 12
qualysblog 2
rapid7blog 1
cisa_kev 7
checkpoint_advisories 7
symantec 5
mscve 7
saint 10
talosblog 5
malwarebytes 8
trellix 2
carbonblack 1
myhack58 9
kitploit 1
fireeye 7
securelist 6
exploitpack 1
metasploit 1
ics 1
hivepro 1
mssecure 1
cert 1
nessus
nessus
MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya)
2017-03-15 00:00:00
KB4014793: Microsoft Wordpad Remote Code Execution vulnerability (April 2017)
2017-10-20 00:00:00
seebug
seebug
ETERNALBLUE - Remote RCE via SMB & NBT (Windows XP to Windows 2012)
2017-04-15 00:00:00
EternalChampion - Windows SMB Remote Code Execution Vulnerability (CVE-2017-0146)
2017-04-17 00:00:00
Microsoft Office OLE2Link vulnerability (CVE-2017-0199)
2017-04-12 00:00:00
mskb
mskb
MS17-010: Description of the security update for Windows SMB Server: March 14, 2017
2017-03-14 07:00:00
MS17-010: Security update for Windows SMB Server: March 14, 2017
2017-03-14 00:00:00
Description of the security update for Office 2016: April 11, 2017
2017-04-11 07:00:00
packetstorm
packetstorm
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
2017-05-17 00:00:00
DOUBLEPULSAR Payload Execution / Neutralization
2019-10-01 00:00:00
SMB DOUBLEPULSAR Remote Code Execution
2020-02-04 00:00:00
openvas
openvas
Microsoft Windows SMB Server Multiple Vulnerabilities-Remote (4013389)
2017-03-22 00:00:00
Microsoft Windows SMB Server Multiple Vulnerabilities (4013389)
2017-03-15 00:00:00
Double Pulsar Infection Detect
2017-04-18 00:00:00
kaspersky
kaspersky
KLA10977 Multiple vulnerabilities in Microsoft Server Message Block (SMB)
2017-03-14 00:00:00
zdt
zdt
DOUBLEPULSAR - Payload Execution and Neutralization Exploit
2019-10-04 00:00:00
SMB DOUBLEPULSAR Remote Code Execution Exploit
2020-02-04 00:00:00
Microsoft Windows - Uncredentialed SMB RCE (MS17-010) Exploit
2017-04-17 00:00:00
rapid7community
rapid7community
Vulnerability Management Tips for the Shadow Brokers Leaked Exploits
2017-05-24 23:14:26
Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose
2017-05-15 18:25:42
Petya-like ransomworm: Leveraging InsightVM and Nexpose for visibility into MS17-010
2017-08-03 16:56:04
f5
f5
K57181937 : Multiple Microsoft SMB (Wannacry/Wannacrypt/Petya/Goldeneye) vulnerabilities
2017-05-16 00:00:00
attackerkb
attackerkb
CVE-2017-0143
2017-03-17 00:00:00
CVE-2017-0144 (MS17-010)
2017-03-17 00:00:00
CVE-2017-0148
2017-03-17 00:00:00
cve
cve
CVE-2017-0144
2017-03-17 00:59:00
CVE-2017-0143
2017-03-17 00:59:00
CVE-2017-0146
2017-03-17 00:59:00
prion
prion
Remote code execution
2017-03-17 00:59:00
Remote code execution
2017-03-17 00:59:00
Remote code execution
2017-03-17 00:59:00
huawei
huawei
Security Advisory - 'WannaCry ransomware' Vulnerabilities in Microsoft Windows Systems
2017-05-13 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 26, 2017
2017-06-30 12:00:57
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 15, 2017
2017-05-19 12:00:15
Double Whammy: When One Attack Masks Another Attack
2017-11-20 16:29:06
mmpc
mmpc
New ransomware, old techniques: Petya adds worm capabilities
2017-06-28 06:57:43
Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene
2017-09-06 14:58:36
WannaCrypt ransomware worm targets out-of-date systems
2017-05-13 06:40:39
threatpost
threatpost
PyRoMine Uses NSA Exploit for Monero Mining and Backdoors
2018-04-26 18:21:13
ShadowBrokers' Windows Zero-Days Already Patched
2017-04-17 14:06:34
EternalBlue Exploit Used in Retefe Banking Trojan Campaign
2017-09-22 14:02:28
canvas
canvas
Immunity Canvas: MS17_010
2017-03-17 00:59:00
Immunity Canvas: ETERNALBLUE
2017-03-17 00:59:00
avleonov
avleonov
Petya the Great and why *they* don’t patch vulnerabilities
2017-06-29 21:29:50
Downloading entire Vulners.com database in 5 minutes
2017-08-09 17:49:03
thn
thn
Necro Python Malware Upgrades With New Exploits and Crypto Mining Capabilities
2021-06-03 17:01:00
Bad Rabbit Ransomware Uses Leaked 'EternalRomance' NSA Exploit to Spread
2017-10-26 23:57:00
More Hacking Groups Found Exploiting SMB Flaw Weeks Before WannaCry
2017-05-19 01:52:00
qualysblog
qualysblog
Emotet Re-emerges with Help from TrickBot
2022-01-06 14:05:53
The Shadow Brokers Release Zero Day Exploit Tools
2017-04-15 07:11:21
rapid7blog
rapid7blog
Conti Ransomware Group Internal Chats Leaked Over Russia-Ukraine Conflict
2022-03-01 19:15:58
cisa_kev
cisa_kev
Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability
2021-11-03 00:00:00
Microsoft SMBv1 Server Remote Code Execution Vulnerability
2022-04-06 00:00:00
Microsoft SMBv1 Remote Code Execution Vulnerability
2022-02-10 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0148)
2017-05-16 00:00:00
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0143)
2017-03-14 00:00:00
Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0145)
2017-03-14 00:00:00
symantec
symantec
Microsoft Windows SMB Server CVE-2017-0148 Remote Code Execution Vulnerability
2017-03-14 00:00:00
Microsoft Windows SMB Server CVE-2017-0143 Remote Code Execution Vulnerability
2017-03-14 00:00:00
Microsoft Windows SMB Server CVE-2017-0144 Remote Code Execution Vulnerability
2017-03-14 00:00:00
mscve
mscve
Windows SMB Remote Code Execution Vulnerability
2017-03-14 07:00:00
Windows SMB Remote Code Execution Vulnerability
2017-03-14 07:00:00
Windows SMB Remote Code Execution Vulnerability
2017-03-14 07:00:00
saint
saint
Windows SMBv1 Remote Command Execution
2017-04-26 00:00:00
Windows SMBv1 Remote Command Execution
2017-04-26 00:00:00
Windows SMB PsImpersonateClient null token vulnerability
2017-07-13 00:00:00
talosblog
talosblog
Cisco Coverage for Adylkuzz, Uiwix, and EternalRocks
2017-05-22 15:14:00
New campaign uses government, union-themed lures to deliver Cobalt Strike beacons
2022-09-28 12:12:00
JhoneRAT: Cloud based python RAT targeting Middle Eastern countries
2020-01-19 02:58:29
malwarebytes
malwarebytes
Threat spotlight: the curious case of Ryuk ransomware
2019-12-12 22:33:53
How threat actors are using SMB vulnerabilities
2018-12-14 16:00:00
Fake IRS notice delivers customized spying tool
2017-09-21 15:00:24
trellix
trellix
How Groove Gang is Shaking up the RAAS to Empower Affiliates
2021-09-08 00:00:00
How Groove Gang is Shaking up the RAAS to Empower Affiliates
2021-09-08 00:00:00
carbonblack
carbonblack
CB TAU Technical Analysis: DLTMiner Campaign Targeting Corporations in Asia
2019-07-23 13:47:50
myhack58
myhack58
The SMB vulnerability triggered“bloodshed”, far more than WannaCry-vulnerability warning-the black bar safety net
2017-05-23 00:00:00
A newline character causes the Oscar vulnerability 0day(CVE-2017-8759)reproduction-latest Office the highest level of threat attack warning-vulnerability warning-the black bar safety net
2017-09-13 00:00:00
CVE-2017-0199: in-depth analysis of the Microsoft Office RTF vulnerability-vulnerability warning-the black bar safety net
2017-06-08 00:00:00
kitploit
kitploit
Eternal - An internet scanner for Eternal Blue [exploit CVE-2017-0144]
2017-07-22 20:30:00
fireeye
fireeye
CVE-2017-0199 Used as Zero Day to Distribute FINSPY Espionage Malware and LATENTBOT Cyber Crime Malware
2017-04-12 15:00:00
CVE-2017-0199 Used as Zero Day to Distribute FINSPY Espionage Malware and LATENTBOT Cyber Crime Malware
2017-04-12 11:00:00
CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler
2017-04-11 13:30:00
securelist
securelist
APT Trends report Q3 2017
2017-11-14 09:41:27
RevengeHotels: cybercrime targeting hotel front desks worldwide
2019-11-28 10:00:48
The BlueNoroff cryptocurrency hunt is still on
2022-01-13 09:00:23
exploitpack
exploitpack
Microsoft Word - .RTF Remote Code Execution
2017-04-18 00:00:00
metasploit
metasploit
Microsoft Office Word Malicious Hta Execution
2017-04-15 02:32:48
ics
ics
Dridex Malware
2020-06-30 12:00:00
hivepro
hivepro
SnatchCrypto campaign carried out by North Korean APT 38 subsidiary BlueNoroff
2022-01-14 06:23:18
mssecure
mssecure
Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis
2018-07-11 18:50:14
cert
cert
Microsoft OLE URL Moniker improperly handles remotely-linked HTA data
2017-04-10 00:00:00
JSON
Related for MS17-010.NASL
nessus2seebug3mskb7packetstorm10openvas9kaspersky1zdt12rapid7community9f51attackerkb6cve7prion7huawei1trendmicroblog4mmpc5threatpost15canvas2avleonov2thn12qualysblog2rapid7blog1cisa_kev7checkpoint_advisories7symantec5mscve7saint10talosblog5malwarebytes8trellix2carbonblack1myhack589kitploit1fireeye7securelist6exploitpack1metasploit1ics1hivepro1mssecure1cert1