OP 06 March, 2019 - 11:04 AM
(This post was last modified: 06 March, 2019 - 08:42 PM by klazim2000.)
“Hackers are using booby-trapped Word documents to deliver malware to unsuspecting victims. The malware exploits Windows Object Linking and Embedding (OLE) features, which allow users to link to documents and other objects – in this case, a malicious remote server.”
Source: https://www.vadesecure.com/en/word-doc-malware/
This tool was created by the AutoLog team and has since been leaked. Here is the latest version of their OLE Doc Exploit.
![[Image: DOC_Exploit_KBFacyO3W5.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fwww.0dayexploits.net%2Fwp-content%2Fuploads%2F2019%2F03%2FDOC_Exploit_KBFacyO3W5.png)
This embeds the executable into the document, making it so that the document will scan and show the same virus scan as your executable. If you have a good crypt, if its scan is FUD then so will be your document.
Virus Total: https://www.virustotal.com/#/file/3aa395.../detection
Download: https://www.0dayexploits.net/product/ole-doc-exploit/
NOTE: I DID NOT CREATE THIS. The virus total shows 22/67 and indicates "BitcoinMiner" etc... ALWAYS RUN THIS IN SANDBOXIE (https://www.sandboxie.com/)
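For defenders triaging attachments of the kind the post describes (an executable embedded in a Word document through OLE), the following added example, which is not part of the original post or of the tool it mentions, flags OLE Packager streams and embedded PE headers in a `.docx` or legacy `.doc`. The function names and the sample builder are hypothetical; the check is a byte-level heuristic that does not parse the compound file structure and does not cover RTF, where object data is hex-encoded.

```python
import io, struct, zipfile

# "\x01Ole10Native" is the stream the Windows Packager writes; CFB directory
# entries store stream names as UTF-16LE.
OLE10NATIVE = "\x01Ole10Native".encode("utf-16-le")

def has_pe(blob):
    """True if blob holds an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            (lfanew,) = struct.unpack_from("<I", blob, pos + 0x3C)
            if blob[pos + lfanew:pos + lfanew + 4] == b"PE\0\0":
                return True
        pos = blob.find(b"MZ", pos + 1)
    return False

def inspect_blob(name, blob):
    findings = []
    if OLE10NATIVE in blob:
        findings.append((name, "ole-package-stream"))
    if has_pe(blob):
        findings.append((name, "embedded-pe"))
    return findings

def triage(data):
    """Return (part, finding) pairs for a .docx (zip) or legacy .doc (CFB)."""
    if data[:4] != b"PK\x03\x04":
        return inspect_blob("<file>", data)      # legacy binary document
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():                # OLE objects live here in OOXML
            if info.filename.startswith("word/embeddings/"):
                findings += inspect_blob(info.filename, z.read(info))
    return findings

def build_sample(embed):
    """Constructed test input: a minimal zip shaped like a .docx (not a valid document)."""
    pe_stub = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    ole_bin = bytes.fromhex("d0cf11e0a1b11ae1") + OLE10NATIVE + b"\0" * 8 + pe_stub
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if embed:
            z.writestr("word/embeddings/oleObject1.bin", ole_bin)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(build_sample(True)), triage(build_sample(False)))
```

A hit on either finding is a reason to quarantine the attachment and extract the object in an isolated analysis environment, not a verdict on its own.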