• Advertise
  • SS7 Hacking
Saturday, January 28, 2023
No Result
View All Result
I Need Hack - Hacking Tutorials, News, Tips
  • Home
  • Exploits

    Razer Synapse 3.7.0731.072516 Local Privilege Escalation

    Micro Focus GroupWise Session ID Disclosure

    PHPJabbers Car Rental Script 3.0 SQL Injection

    Secure Web Gateway 10.2.11 Cross Site Scripting

    Inout Jobs Portal 2.2.2 Cross Site Scripting

    Inout Jobs Portal 2.2.2 SQL Injection

    Inout Music 5.1.1 SQL Injection

    Cacti 1.2.22 Command injection

    Inout Search Engine 10.1.3 Cross Site scripting

    Trending Tags

    • sms exploit
    • ss7 software
    • simswap software
    • jpg exploit
    • kali linux
  • Hacking News

    TROJANPUZZLE Attack Forces AI Assistants to Suggest Rogue Coding

    Multiple Vulnerabilities Found In Samsung Galaxy App Store App

    Researchers Find Class Pollution-A Prototype Pollution Variant That Affects Python

    Be on the lookout for this AnyDesk Phishing campaign that delivers Vidar info stealer

    Brave Browser turns your device into a proxy for others via “Snowflake” Feature

    This tool, “telerwaf”, protects go apps from web-based attacks

    Microsoft Patch Tuesday, January 20,23 with 98 Bug Fixes

    Multiple bug fixes released by Qualcomm and Lenovo

    Fortinet Patched Multiple Vulnerabilities In FortiADC And FortiTester

  • Hacking Tools
    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Here are some tips for students to help protect their data privacy

    Client-Side Exploitation [FREE COURSE VIDEO]

    What Common Security Problems Are Cloud-Based Networks?

    Penetration testing OWASP Top 10 Vulnerabilities [FREE COURSE CONTENT]

    OSINT Fundamentals [FREE COURSE CONTENT]

    Monitor Docker containers metrics and other events

    Management of vulnerability with Wazuh Open Source XDR

    Seven Tips for Building a Banking App That is User-Friendly

    Trending Tags

    • hacking tools
    • hacking software
    • hacking tips
    • ss7 attacks
    • simswap software
    • sms exploit
  • Hacking Tutorials
    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Here are some tips for students to help protect their data privacy

    Client-Side Exploitation [FREE COURSE VIDEO]

    What Common Security Problems Are Cloud-Based Networks?

    Penetration testing OWASP Top 10 Vulnerabilities [FREE COURSE CONTENT]

    OSINT Fundamentals [FREE COURSE CONTENT]

    Monitor Docker containers metrics and other events

    CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability

    CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability

    Management of vulnerability with Wazuh Open Source XDR

  • Kali Linux

    The Terminal Application Cypherhound contains 260+ Neo4j Cyphers for BloodHound DataSets

    Subparse: Modular Malware Analysis Artifact Collection And Correlation Framework

    AzureHound : Azure Data Exporter For BloodHound

    Xerror is an automated penetration testing tool with GUI

    Mongoaudit is an audit and pentesting tool for MongoDB databases

    ADFSRelay – Proof of Concept Utilities Developed For Researching NTLM Relaying Attacks Targeting ADFS

    Azure Sentinel protects Kubernetes deployments

    Reconator Automated Recon For Pentesting and Bug Bounty

    Kali Linux (is!) Everywhere

    Trending Tags

    • kali linux
    • kali tools
    • hacking tools kali
    • kali hacking
    • pentesting
  • Security
    PlugX Malware Sneaks Onto Windows PCs Through USB Devices

    PlugX Malware Sneaks Onto Windows PCs Through USB Devices

    Yandex Denies Hack – Source Code Leaked on Popular Hacking Forum

    Yandex Denies Hack – Source Code Leaked on Popular Hacking Forum

    Hackers Abuse Legitimate Remote Monitoring Tools to Steal Banking Data

    Hackers Abuse Legitimate Remote Monitoring Tools to Steal Banking Data

    Hive Ransomware Gang Disrupted; Servers and Dark Web Site Seized

    Hive Ransomware Gang Disrupted; Servers and Dark Web Site Seized

    New Python Malware Targeting Windows Devices

    New Python Malware Targeting Windows Devices

    Blank Image Attack: Blank Images Used to Evade Anti-Malware Checks

    Blank Image Attack: Blank Images Used to Evade Anti-Malware Checks

    Ticketmaster: Taylor Swift ticket sales disrupted by bot-driven attack

    Ticketmaster: Taylor Swift ticket sales disrupted by bot-driven attack

    U.S. Sues Google for Dominance Over Digital Advertising Technologies

    U.S. Sues Google for Dominance Over Digital Advertising Technologies

    New Wave of Cyberattacks Targeting MS Exchange Servers

    New Wave of Cyberattacks Targeting MS Exchange Servers

  • Advertise
  • Home
  • Exploits

    Razer Synapse 3.7.0731.072516 Local Privilege Escalation

    Micro Focus GroupWise Session ID Disclosure

    PHPJabbers Car Rental Script 3.0 SQL Injection

    Secure Web Gateway 10.2.11 Cross Site Scripting

    Inout Jobs Portal 2.2.2 Cross Site Scripting

    Inout Jobs Portal 2.2.2 SQL Injection

    Inout Music 5.1.1 SQL Injection

    Cacti 1.2.22 Command injection

    Inout Search Engine 10.1.3 Cross Site scripting

    Trending Tags

    • sms exploit
    • ss7 software
    • simswap software
    • jpg exploit
    • kali linux
  • Hacking News

    TROJANPUZZLE Attack Forces AI Assistants to Suggest Rogue Coding

    Multiple Vulnerabilities Found In Samsung Galaxy App Store App

    Researchers Find Class Pollution-A Prototype Pollution Variant That Affects Python

    Be on the lookout for this AnyDesk Phishing campaign that delivers Vidar info stealer

    Brave Browser turns your device into a proxy for others via “Snowflake” Feature

    This tool, “telerwaf”, protects go apps from web-based attacks

    Microsoft Patch Tuesday, January 20,23 with 98 Bug Fixes

    Multiple bug fixes released by Qualcomm and Lenovo

    Fortinet Patched Multiple Vulnerabilities In FortiADC And FortiTester

  • Hacking Tools
    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Here are some tips for students to help protect their data privacy

    Client-Side Exploitation [FREE COURSE VIDEO]

    What Common Security Problems Are Cloud-Based Networks?

    Penetration testing OWASP Top 10 Vulnerabilities [FREE COURSE CONTENT]

    OSINT Fundamentals [FREE COURSE CONTENT]

    Monitor Docker containers metrics and other events

    Management of vulnerability with Wazuh Open Source XDR

    Seven Tips for Building a Banking App That is User-Friendly

    Trending Tags

    • hacking tools
    • hacking software
    • hacking tips
    • ss7 attacks
    • simswap software
    • sms exploit
  • Hacking Tutorials
    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Here are some tips for students to help protect their data privacy

    Client-Side Exploitation [FREE COURSE VIDEO]

    What Common Security Problems Are Cloud-Based Networks?

    Penetration testing OWASP Top 10 Vulnerabilities [FREE COURSE CONTENT]

    OSINT Fundamentals [FREE COURSE CONTENT]

    Monitor Docker containers metrics and other events

    CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability

    CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability

    Management of vulnerability with Wazuh Open Source XDR

  • Kali Linux

    The Terminal Application Cypherhound contains 260+ Neo4j Cyphers for BloodHound DataSets

    Subparse: Modular Malware Analysis Artifact Collection And Correlation Framework

    AzureHound : Azure Data Exporter For BloodHound

    Xerror is an automated penetration testing tool with GUI

    Mongoaudit is an audit and pentesting tool for MongoDB databases

    ADFSRelay – Proof of Concept Utilities Developed For Researching NTLM Relaying Attacks Targeting ADFS

    Azure Sentinel protects Kubernetes deployments

    Reconator Automated Recon For Pentesting and Bug Bounty

    Kali Linux (is!) Everywhere

    Trending Tags

    • kali linux
    • kali tools
    • hacking tools kali
    • kali hacking
    • pentesting
  • Security
    PlugX Malware Sneaks Onto Windows PCs Through USB Devices

    PlugX Malware Sneaks Onto Windows PCs Through USB Devices

    Yandex Denies Hack – Source Code Leaked on Popular Hacking Forum

    Yandex Denies Hack – Source Code Leaked on Popular Hacking Forum

    Hackers Abuse Legitimate Remote Monitoring Tools to Steal Banking Data

    Hackers Abuse Legitimate Remote Monitoring Tools to Steal Banking Data

    Hive Ransomware Gang Disrupted; Servers and Dark Web Site Seized

    Hive Ransomware Gang Disrupted; Servers and Dark Web Site Seized

    New Python Malware Targeting Windows Devices

    New Python Malware Targeting Windows Devices

    Blank Image Attack: Blank Images Used to Evade Anti-Malware Checks

    Blank Image Attack: Blank Images Used to Evade Anti-Malware Checks

    Ticketmaster: Taylor Swift ticket sales disrupted by bot-driven attack

    Ticketmaster: Taylor Swift ticket sales disrupted by bot-driven attack

    U.S. Sues Google for Dominance Over Digital Advertising Technologies

    U.S. Sues Google for Dominance Over Digital Advertising Technologies

    New Wave of Cyberattacks Targeting MS Exchange Servers

    New Wave of Cyberattacks Targeting MS Exchange Servers

  • Advertise
No Result
View All Result
I Need Hack - Hacking Tutorials, News, Tips
SS7 SMS Intercept SS7 SMS Intercept SS7 SMS Intercept
Home Security

North Korean APT37 Hackers Exploited IE Zero-Day Vulnerability Remotely

by Ineedhack
December 8, 2022
in Security
0
79
SHARES
493
VIEWS
Share on FacebookShare on Twitter
Kripkey Spy Phone Kripkey Spy Phone Kripkey Spy Phone

Google Threat Analysis team discovered an incident involving the North Korean APT37 hackers group. They exploited an Internet Explorer Zero day vulnerability.

Threat actors tried to exploit this vulnerability by using a weaponized file that was also used to target victims in South Korea. This APT37 is believed to have been a state-sponsored hacker organization operating under the North Korean government.

A zero-day Internet Explorer vulnerability ( ) is located in the JScript engine. This allows attackers execute arbitrary code to exploit the flaw. After successful attempts, actors can take full control of the browser and the victim will load the malicious website.

Google Threat Analysis Group .


IE0-Day (CVE-202-21128) Technical Analysis

Multiple submissions of malicious Microsoft Office documents were uploaded from South Korea to Virus Total Engine ” 221031 Seoul Yongsan Itaewon incident response situation (06:00).docx”. This refers the large South Korean Halloween incident which caused several deaths.

After clicking on the file, a remote rich text template (RTF), is downloaded. This remote template can be used to fetch remote HTML content. It renders only through IE. The technique has been widely utilized by many hackers.

This vector allows you to deliver IE exploits to the target without requiring them to use Internet Explorer. It also doesn’t require the victim to link the exploit to an EPM sandbox escape.


The Zero Day Exploit

This malicious file has been applied using the MotW feature (Mark-of-the-Web), which is a Windows function that protects users from files coming from unknown sources. Users are tricked by actors to disable protected views before remote RTF templates can be fetched.

The web server creates a cookie when it sends the remote RTF. This cookie is used to identify the requester and is then sent back again for the remote HTML content. It is possible that this detects HTML exploit code fetches not related to a genuine infection.

The Javascript exploit also double-checked that the cookie had been set prior to launching the exploit. It reported back to the command and control server two times while dropping it and once it was executed successfully.

Windows API was resolved using Shell code and the customized hash algorithm. The interesting thing is that Shellcode cleared all exploitation tracks in browsers and cleared the caches, before downloading the next stage.

In the course of their campaign, hackers also launched malicious documents to try and exploit the vulnerability.

Researchers were unable to recover the payload final, but they did find that it was connected with other implants, such as and and .


IOCs (Indicators of Compromis)


Initial documents:

  • 56ca24b57c4559f834c190d50b0fe89dd4a4040a078ca1f267d0bbc7849e9ed7
  • af5fb99d3ff18bc625fb63f792ed7cd955171ab509c2f8e7c7ee44515e09cebf
  • 926a947ea2b59d3e9a5a6875b4de2bd071b15260370f4da5e2a60ece3517a32f
  • 3bff571823421c013e79cc10793f238f4252f7d7ac91f9ef41435af0a8c09a39
  • c49b4d370ad0dcd1e28ee8f525ac8e3c12a34cfcf62ebb733ec74cca59b29f82


Remote TTF Template:

  • 08f93351d0d3905bee5b0c2b9215d448abb0d3cf49c0f8b666c46df4fcc007cb

Secure Web Gateway, Web Filter Rules Activity Tracking and Malware Protection.

Tags: android hackingfacebook hackshack newshacking newshacking toolsiphone hackingjpg exploitsimswap attackssms exploitsms interceptss7 attacksss7 hackss7 softwaretik tok hacktwitter hack
Ineedhack

Ineedhack

Next Post

DeFiChain's Grand Central Hard Fork is Now LIVE

Sim Swap Software Sim Swap Software Sim Swap Software

Recommended

XNU vm_map_copy_overwrite_unaligned Race Condition

2 weeks ago

This tool, “telerwaf”, protects go apps from web-based attacks

2 weeks ago

Popular News

    • Advertise
    • SS7 Hacking

    ©2017- 2022 Hacking Tutorials

    No Result
    View All Result
    • Home
    • Exploits
    • Hacking News
    • Hacking Tools
    • Hacking Tutorials
    • Kali Linux
    • Security
    • Advertise