CVE STALKER

CVE-2017-11882

CVSS9
DESCRIPTIONMicrosoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
HEAT SCORE855

WORDS

TWEETS

DATE TWEETS USER
2021-09-14 04:02:46Pure static analysis of Russian bank Trojans #HTA #VBS CVE-2017-11882 EXE = https://t.co/ri6d269Ui2 ("chrome.exe… https://t.co/EtRdnqgH4T http://EXE.run https://twitter.com/i/web/status/1437626297140846592infinityABCDE
2021-09-14 03:40:41"Bank Swift.xlsx" CVE-2017-11882 #Agenttesla c996f64436d05eaea0854abdae67c12990457bfccd48c8dc7f75ba7d7523b5a4 gl… https://t.co/XnGcJ6sCbI https://twitter.com/i/web/status/1437621927057797124infinityABCDE
2021-09-13 15:50:07@lasq88 @GossiTheDog @James_inthe_box Win7 + CVE-2017-11882 = https://t.co/IYuKZIxGhXMax_Mal_
2021-09-13 08:21:52# A malicious .iso file # CVE-2017-11882 NAME:Order Confirmation _ Urgent.iso MD5:119e5406ebeb0575da3c07aef506717e… https://t.co/dQOaIlbOj6 https://twitter.com/i/web/status/1437329292258467842cczzbb
2021-09-09 03:03:12CVE-2017-11882 loader at http://192.3.141.149/xpay/ Index of /xpay [ICO]NameLast modifiedSizeDescription [PARENTDI… https://t.co/JLg7v9X5G3 https://twitter.com/i/web/status/1435797783412232196daitya0
2021-08-03 06:20:04#Formbook Malspam -> doc -> OpenXML Abuse ->/longurl.in shortener abuse -> CVE-2017-11882 -> payload exe -> C2… https://t.co/ukRziAXLAE https://twitter.com/i/web/status/1422441880164323334ankit_anubhav
2021-07-31 12:10:10米英豪政府のセキュリティ機関が共同で発表--悪用の多い脆弱性30件 - ZDNet Japan https://t.co/EpeyykFJYt "「Microsoft Officeに影響するCVE-2017-11882などの既知… https://t.co/GnPrjWGiBt https://japan.zdnet.com/article/35174603/ https://twitter.com/i/web/status/1421440867668160512catnap707
2021-07-31 00:50:04問題の脆弱性はCVE-2017-11882だ。この脆弱性の原因は「Microsoft Office」の数式エディタに存在するスタックバッファオーバーフローで、悪用されるとリモートからのコード実行が可能になる恐れがある。このエクスプ… https://t.co/LHHxKM8L6w https://twitter.com/i/web/status/1421271522556055552Hoguchi373
2021-07-31 00:50:03「Microsoft Officeに影響するCVE-2017-11882などの既知の古い脆弱性が、パッチが適用されずに残っていて悪用できる限り、悪意を持ったサイバーアクターはそれらを悪用し続ける可能性が高い。攻撃者が既知の脆弱性を… https://t.co/TBjbYVNC5V https://twitter.com/i/web/status/1421271712428019713Hoguchi373
2021-07-29 06:30:37"Malicious cyber actors will most likely continue to use older known vulnerabilities, such as CVE-2017-11882 affect… https://t.co/K9pPC4SIYS https://twitter.com/i/web/status/1420630366503804928BlessedDlamini
2021-07-28 16:30:23👇This is why I tell clients to ignore CVSS and focus on exploitation. For example, CVE-2017-11882 is a 7.8 (CVSSv3.… https://t.co/WmOWP8Yd5B https://twitter.com/i/web/status/1420419340277624832BrianPKime
2021-07-28 16:11:11It's true, CVE-2017-11882 has long been at the top of the list of unpatched vulnerabilities you should patch:… https://t.co/TAyfrh8Gx9 https://twitter.com/i/web/status/1420413974437236736qualys
2021-07-23 09:50:05#Infosec: Top 10 most exploited vulnerabilities between 2016 and 2019 - @CISAgov and @FBI. Mostly CVE-2017-11882,… https://t.co/Z00P1Vj4xP https://twitter.com/i/web/status/1418506241983275008dynamicCISO
2021-07-02 18:51:13☣ #AgentTesla spoofing #UPS employee emails, logos, invoices, Word Doc w/ Equation Editor (CVE-2017-11882) Filenam… https://t.co/JrVjXba2N4 https://twitter.com/i/web/status/1411033476380385286BushidoToken
2021-07-02 05:40:22Maldoc -> Websettings Abuse -> /bit.ly download -> another maldoc -> CVE-2017-11882 -> #Lokibot exe -> normal c2 fr… https://t.co/E5JOiXJWCR https://twitter.com/i/web/status/1410835384733368325ankit_anubhav
2021-07-01 17:30:10Remcos XLSX with CVE-2017-11882 wetcleaner.exe - MD5: 51ce1318c71a5a1ab1ed2314390d08c8 From: hXXp://conver[.]work… https://t.co/pgnK1GzOeW https://twitter.com/i/web/status/14106511398429777940xCARNAGE
2021-06-23 06:01:17CVE-2017-11882 #MalDoc targets #TashiCell in Bhutan. mail: 7cf63f4ece244ee3c16a4ac9d36cf6b6 document: fb833c526e0… https://t.co/pVxm6G1Oux https://twitter.com/i/web/status/1407577015021080576souiten
2021-06-21 14:00:17🚨 #FormBook via CVE-2017-11882 #malspam ➡️ Mal docs: da283f39df7a4399184f1882695048bc 752e33013becf59e32c926823f09… https://t.co/7hg0IWHpYT https://twitter.com/i/web/status/1406973188828024837MBThreatIntel
2021-06-09 16:21:06Short analysis of a recent malicious Excel document still exploiting the rather old CVE-2017-11882: https://t.co/2Ki5Y6uunj https://zeroqblog.wordpress.com/2021/06/09/yet-another-malicious-excel/_zero_q
2021-06-07 15:30:09#Azorult #malspam campaign: Spam emails contain malicious Excel files that either exploit CVE-2017-11882 or use ma… https://t.co/fuBYyvQMCE https://twitter.com/i/web/status/1401922219413061632MBThreatIntel
2021-06-04 00:40:03"The tool works by exploiting a set of vulnerabilities in Microsoft Word's Equation Editor (CVE-2017-11882, CVE-201… https://t.co/CZ8TvtBlgp https://twitter.com/i/web/status/1400613239105363968ohhara_shiojiri
2021-06-03 16:20:07Most frequently exploited vulnerabilities in 2020: CVE-2019-19781-Citrix ADC/Citrix Gateway CVE-2017-11882… https://t.co/cFHf2kBrYe https://twitter.com/i/web/status/1400486719598653441jc_vazquez
2021-06-03 15:10:09📢A massive phishing email campaign ->XLSX file used #CVE-2017-11882 exploit to download ->#CloudEyE aka #GuLoader d… https://t.co/SjfM41G4Fn https://twitter.com/i/web/status/1400467814117478404_CPResearch_
2021-06-03 10:40:06📄🗒️📋📰Open files in remote .RTF templates maybe can be exploited with...👉https://t.co/rOIX8axjCy 🏳️👁️CVE-2017-11882… https://t.co/6erJVZspQp https://zd.net/2TEI0AT https://twitter.com/i/web/status/1400400162980257793RedCiberSeg
2021-05-21 18:00:35I know patching isn't easy - but it def helps reduce your risk - ie CVE-2017-11882 continues to be leveraged in phi… https://t.co/QDZSmRl6b6 https://twitter.com/i/web/status/1395800587963228161_tdudley
2021-05-21 15:20:07#maldoc exploiting eqnedt32 #CVE-2017-11882 to drop #lokibot RFQ 20210520.docx 1005c900d1989543f01c87cc34b95986… https://t.co/GV0O6EsU2h https://twitter.com/i/web/status/1395759480462249984Circuitous__
2021-05-13 19:20:02☣ Looks like #Lokibot using linkzip[.]me and EQNEDT32 exploit (CVE-2017-11882) uploaded from UK🇬🇧 Same C2 March -… https://t.co/768LSXIuWB https://twitter.com/i/web/status/1392921685301604354BushidoToken
2021-05-12 17:10:15#opendir #malspam DHL .. still using equation editor exploit CVE-2017-11882 ! 😅 MB:a9c7ea924ea0c6af707d98184f71033… https://t.co/fybSfyWP4G https://twitter.com/i/web/status/1392526232495874049luc4m
2021-05-11 16:10:05#spam email spread Exploit.CVE-2017-11882 Exploit.CVE-2018-0802 RFQ ARN-PO-2020-11-00073 MINE.xlsx… https://t.co/SwmMlHtt8l https://twitter.com/i/web/status/1392149869494784001JAMESWT_MHT
2021-05-10 17:00:05#SnakeKeylogger via CVE-2017-11882 #malspam ➡️ Example maldoc: 79cc8c0593b05956f1d23ac078fcffca ➡️ Download URL:… https://t.co/wN6KWwgBT2 https://twitter.com/i/web/status/1391798716399562758MBThreatIntel
2021-05-09 10:00:04CVE-2017-11882 ile lokibot spread etmeye çalışan bir grup salak var0xMWR
2021-05-04 04:00:03China #APT hackers were targeting russian-based submarines since 2018, by exploiting security flaws #CVE-2017-11882… https://t.co/uRO4tEor16 https://twitter.com/i/web/status/1389429128454017024ZDayhacking
2021-05-03 17:10:03#Lokibot via CVE-2017-11882 #malspam Maldoc: PI.docx cbb56c016c1d68fff27757256744e675 Lokibot: 6d9353d2c5427b113… https://t.co/O65tnGpraS https://twitter.com/i/web/status/1389265922246987777MBThreatIntel
2021-04-23 18:10:07Added a maldoc that uses template injection to download an RTF document -> utilize CVE-2017-11882 -> drop Nanocore… https://t.co/pJPnwJIWTh https://twitter.com/i/web/status/1385655078225391616jstrosch
2021-04-21 20:00:10#AgentTesla via CVE-2017-11882 #malspam house118[.]ir/benito/polanco/PO.exe 5d2ecd7210251e5d86670bd25655976536c0ac… https://t.co/aeNfJnDdJ3 https://twitter.com/i/web/status/1384959606414323722MBThreatIntel
2021-04-01 12:10:10Nefarious Microsoft Office #vulnerability (CVE-2017-11882) is among top 10 exploits leveraged by #APT actors for… https://t.co/sGwr2Sx6XY https://twitter.com/i/web/status/1377591652051775488SOC_Prime
2021-04-01 07:20:03Meet a fresh-looking maldoc! 1️⃣ It exploits CVE-2017-11882 2️⃣ CMD starts MSHTA that ⬇️ VBS script 3️⃣ Powershell… https://t.co/JFHzEQ1slZ https://twitter.com/i/web/status/1377520547341479938anyrun_app
2021-03-23 09:20:10🔐RAR via 📩 #Exploit CVE-2017-11882 ➡️Equation Editor #snakekeylogger Payloads: ☣️hxxp://vespang[.tk/favico/abs.e… https://t.co/PeHWaNj8Js https://twitter.com/i/web/status/1374289414935961600whitehoodie4
2021-03-17 09:40:04Wow, "[CVE-2017-11882] exploit accounts for almost three-quarters of all campaigns that attempt to take advantage o… https://t.co/Dyq6lWMwaJ https://twitter.com/i/web/status/13721195952434708510patch
2021-03-16 18:40:05New post from https://t.co/uXvPWJy6tj (CVE-2017-11882 (office)) has been published on https://t.co/riE4K5oiLc http://www.sesin.at https://www.sesin.at/2021/03/16/cve-2017-11882-office/WolfgangSesin
2021-03-16 18:40:04New post from https://t.co/9KYxtdZjkl (CVE-2017-11882 (office)) has been published on https://t.co/znHa08JbQg http://www.sesin.at https://www.sesin.at/2021/03/16/cve-2017-11882-office/www_sesin_at
2021-03-16 17:40:07🚨 NEW: CVE-2017-11882 🚨 Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Offic… https://t.co/i4mYtgmlNl https://twitter.com/i/web/status/1371876518532644865threatintelctr
2021-03-14 01:20:05Found this POC tool that makes an RTF doc that uses CVE-2017-11882. The Cotizacin.doc above did not use this tool s… https://t.co/VYNGMWKF37 https://twitter.com/i/web/status/1370905985062117378accidentalrebel
2021-02-24 11:30:08@GossiTheDog @JAMESWT_MHT @James_inthe_box @malwrhunterteam @executemalware Yeah CVE-2017-11882 + VBC.EXE in… https://t.co/dNFGGZEpPi https://twitter.com/i/web/status/1364537572114980867ffforward
2021-02-13 08:20:05#LodaRAT, il trojan bancario affina lo #spying e diventa multipiattaforma... #typosquatting CVE-2017-11882 #RDP… https://t.co/sZRSPrdow6 https://twitter.com/i/web/status/1360503760196407297Slvlombardo
2021-02-09 23:00:05Only two vulnerabilities were repeated from the 2019 top 10 list: CVE-2017-11882 and CVE-2012-0158. Both vulnerabil… https://t.co/ttdjXDXnMq https://twitter.com/i/web/status/1359275525223636993johnwetzel
2021-01-28 11:20:08@papa_anniekey @58_158_177_102 確かにAgentTesla はよく届きますね~。 脆弱性はこちらでしたっけ?>CVE-2017-11882 意外と古いOfficeを使い続けているPC多いのですかね?satontonton
2021-01-25 13:50:23CVE-2017-11882 Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 S… https://t.co/wNXLWxEm4K https://twitter.com/i/web/status/1353701377034346496VulmonFeeds
2021-01-03 17:00:02☣ Classic #AgentTesla emails, using one of the most common exploits, CVE-2017-11882 (EquationEditor) Email > XLS >… https://t.co/fVAwKdaiOP https://twitter.com/i/web/status/1345776857782882307BushidoToken
2020-12-17 08:12:09#FormBook #xloader via CVE-2017-11882 exploit targeting healthcare suppliers 👿 XLSX https://t.co/pgJMSsw2FQ ⏬… https://t.co/VG33ToFizX https://bazaar.abuse.ch/sample/dd6a5782cb05511209d6848f75652c9c9e2a41fdc75bc074141b3511484231ed/ https://twitter.com/i/web/status/1339480689348128775ffforward
2020-12-17 07:20:20Exploit.CVE-2017-11882 https://t.co/mbz4QCntUw Downloads #Azorult #stealer from the /berlitz.co.rs/jay/game1.scr… https://t.co/ZaD7A4Y63E https://www.virustotal.com/gui/file/595c701a3cb8b1008f06342095a9e0375a6ddd8d86459260b440dded1934e359/details https://twitter.com/i/web/status/1339470245812170753K_N1kolenko
2020-12-17 05:40:46#exploit #CVE-2017-11882 https://t.co/bZLYoZQ4yX #rat #remcos #stealer #keylogger https://t.co/iaOengTBaq Url… https://t.co/X0bmeuydNl https://bazaar.abuse.ch/sample/58e2c7c687ba74f4b6e3389d4f3c0510564f493236fe56c99d79abfc92d30de1/ https://bazaar.abuse.ch/sample/c14895a7d0ca2633b565af7c08e77aef32397f4fdc78fd3560d2f23d89aa6d6a/ https://twitter.com/i/web/status/1339442811092013056JAMESWT_MHT
2020-12-17 05:40:37#exploit #CVE-2017-11882 https://t.co/FCg6cZPLkG #AZORult caught by @abuse_ch https://t.co/FYKhESO2jo Url… https://t.co/MRBiCNT7He https://bazaar.abuse.ch/sample/1bbf9c128f945fd69df50bae2e2f5e6c8cc2519aa4b5a29746a57da7abf0306c/ https://bazaar.abuse.ch/sample/27dba485d64dd66d0fc92075a746f89adc870ce27edbf58676ea7708fa466922 https://twitter.com/i/web/status/1339444182650413056JAMESWT_MHT
2020-12-16 00:20:04そう、CVE-2017-11882悪用の不正メールがやたらと多い(サーバで検疫されますが) 脅威メール件名例:「業務報告」「金曜日の会議のチェックリスト」「在庫確認表」「請求書送付のお願い」「組織図更新」 https://t.co/7BK5LnLzXx https://scan.netsecurity.ne.jp/article/2020/12/01/44886.htmltodkm
2020-12-11 15:11:03If you think most organisations patch well, please know CVE-2017-11882 is one of the most commonly exploited vulner… https://t.co/2v5y10x13d https://twitter.com/i/web/status/1337412018056425473GossiTheDog
2020-12-10 13:51:32CVE-2017-11882悪用の添付ファイルがやたらと着弾して検疫されるのはこれかな。 APT Group Targeting Governmental Agencies in East Asia https://t.co/pQnVHx9Ew7 https://decoded.avast.io/luigicamastra/apt-group-targeting-governmental-agencies-in-east-asia/todkm
2020-12-08 17:40:04Interesting #maldocx using template injection and exploiting #CVE-2017-11882. @JAMESWT_MHT @500mk500 @ffforward a… https://t.co/PXJG9RLbw8 https://twitter.com/i/web/status/1336364732563992576Circuitous__
2020-12-08 02:10:04CVE-2017-11882 used to drop Formbook. C2: www.sandefjordsiliconalley[.]com Sample: https://t.co/9pKTzBS6rc https://t.co/Y2k20Xp5Cq https://tria.ge/201208-5aql5mlr3aphage_nz
2020-12-04 14:14:08Anomali: RT @Circuitous__: #malXLSX exploiting #CVE-2017-11882 to drop what appears to be #agenttesla MRKRFQPD-16… https://t.co/O8vkgHx4Xv https://twitter.com/i/web/status/1334613262017638401cybersecureny
2020-12-04 14:00:32Anomali: RT @Circuitous__: #malXLSX exploiting #CVE-2017-11882 to drop what appears to be #agenttesla MRKRFQPD-16… https://t.co/O8vkgHx4Xv https://twitter.com/i/web/status/1334613262017638401cybersecureny
2020-12-04 13:47:09Anomali: RT @Circuitous__: #malXLSX exploiting #CVE-2017-11882 to drop what appears to be #agenttesla MRKRFQPD-16… https://t.co/O8vkgHx4Xv https://twitter.com/i/web/status/1334613262017638401cybersecureny
2020-12-04 11:00:21CVE-2017-11882, CVE-2017-0199, CVE-2017-5638, CVE-2012-0158, CVE-2019-0604, CVE-2017-0143, CVE-2018-4878, CVE-2017-… https://t.co/odtIqGaZLI https://twitter.com/i/web/status/1334813705163378688boxswapper
2020-12-03 16:40:05Vulnerabilities like CVE-2017-11882 or CVE-2017-0199 are still out there and whenever I start writing my intel pape… https://t.co/uFwnnjCz29 https://twitter.com/i/web/status/1334533744313552897Qulex666
2020-11-24 15:00:03#formbook #malware distributed via #maldoc that exploits #CVE-2017-11882. INV#2020-000185.docx 6e16c996ef12946d145… https://t.co/zFX1prsuEy https://twitter.com/i/web/status/1331251085231726593Circuitous__
2020-11-23 18:20:40Via @anomali Threat Research team member @Circuitous: #malXLSX exploiting #CVE-2017-11882 to drop what appears to b… https://t.co/LmSVp7xDxX https://twitter.com/i/web/status/1330937081833480193Anomali
2020-11-23 15:40:51#malXLSX exploiting #CVE-2017-11882 to drop what appears to be #agenttesla MRKRFQPD-1682020.xlsx cb57e8bab6e835b5… https://t.co/wJ6IdyF0My https://twitter.com/i/web/status/1330897299011203072Circuitous__
2020-11-17 22:10:04#AZORult #malware #trojan distributed through #maldoc that exploits CVE-2017-11882 to download exes. PAYMENT_ADVICE… https://t.co/YAXghyTJZ8 https://twitter.com/i/web/status/1328821152479899653Circuitous__
2020-11-17 21:50:02Can someone please explain the logic behind a CVE-2017-0199 -> CVE-2017-11882 -> GuLoader -> .... Loki Bot infectio… https://t.co/23m2GFKOoU https://twitter.com/i/web/status/1328817567276933122MalwarePI
2020-11-06 09:30:08This Agent Tesla analysis by @smgoreli is a reminder that CVE-2017-11882 continues to be exploited to deliver malwa… https://t.co/bsNPFy7OJq https://twitter.com/i/web/status/1324644693183918081martijn_grooten
2020-11-05 10:05:03[WARNING] Remember this 17-Year Old MS Office #vulnerability (CVE-2017-11882). Guess what ? Looks like it is resu… https://t.co/YxMYUtAU1q https://twitter.com/i/web/status/1323636797214281729vFeed_IO
2020-11-05 09:09:48[WARNING] Remember this 17-Year Old MS Office #vulnerability (CVE-2017-11882). Guess what ? Looks like it is resu… https://t.co/YxMYUtAU1q https://twitter.com/i/web/status/1323636797214281729vFeed_IO
2020-11-03 17:30:16PoC Exploit for CVE-2018-0802 (and optionally CVE-2017-11882). https://t.co/LEvPCR0bOs Related:… https://t.co/qGeOnPkJUP https://github.com/rxwx/CVE-2018-0802 https://twitter.com/i/web/status/1323671290578903048OPOSEC
2020-11-03 14:50:47[WARNING] Remember this 17-Year Old MS Office #vulnerability (CVE-2017-11882). Guess what ? Looks like it is resu… https://t.co/KRbh6Zrqjo https://twitter.com/i/web/status/1323636923806720004ToolsWatch
2020-11-02 22:10:05CVE-2017-11882 is the most often exploited vulnerability by advanced threat groups. The Microsoft Office bug has ex… https://t.co/Tq0kwKeAAR https://twitter.com/i/web/status/1323385392608006144Netenrich
2020-10-26 10:50:03Una vecchia vulnerabilità: Equation Editor CVE-2017-11882 nel dettaglio https://t.co/vdSjQeZfaQ https://t.co/ORW2VT74CF https://cert-agid.gov.it/news/una-vecchia-vulnerabilita-equation-editor-cve-2017-11882-nel-dettaglio/AgidCert
2020-10-23 00:40:12its CVE-2017-11882 https://t.co/AG8VZrdNWS https://twitter.com/TheRegister/status/1319423896232382476BuhoOscuro
2020-10-10 01:10:03Load of XLS and RTF maldocs on rezkabum[.]ru PowerShell & CVE-2017-11882 https://t.co/DY9FhuOpfR… https://t.co/Lu8zAZSHP9 https://www.virustotal.com/gui/domain/rezkabum.ru/relations https://twitter.com/i/web/status/1314734648489111552BushidoToken
2020-10-05 16:30:04Appears to be #AgentTesla delivered via #maldoc exploiting #CVE-2017-11882. #opendir: savemodificationgloballyfromt… https://t.co/zmIw47gqnf https://twitter.com/i/web/status/1313153061200769025Circuitous__
2020-10-01 13:00:03Unknown #InfoStealer #Malware https://t.co/hckqlreo95 Sent as an Excel document that exploits CVE-2017-11882 Payl… https://t.co/A4DRy8A5T3 https://app.any.run/tasks/c2eb9c79-70f6-4ad4-bb79-2c41714c2d5c/ https://twitter.com/i/web/status/1311650785047048193ScarletSharkSec
2020-09-23 16:00:03#exploit - EtterSilent Microsoft Office Exploit, Macros - DOCX silent /XLSB macro - CVE-2017-11882 & 2018-0802 in c… https://t.co/oFmMJx3j6W https://twitter.com/i/web/status/1308798282030673922shad0wintel
2020-09-22 19:20:04Exploit Microsoft Office Remote Code Execution CVE-2017-11882 https://t.co/TU8WxZsiHpHa_HAZZA_Ha
2020-09-19 18:00:03Attempts to exploit the vulnerability (CVE-2017-11882) rose by 400% in the second quarter https://t.co/NJFPcn83Vb https://www.techradar.com/news/hackers-have-revived-a-decade-old-microsoft-office-exploit-and-theyre-having-a-field-daycedoxX
2020-09-18 14:10:04Weirdly, attempts to abuse this old Microsoft Office / Equation Editor vulnerability CVE-2017-11882 up by 400% in Q… https://t.co/tZiUeun1cs https://twitter.com/i/web/status/1306957285470732288mkolsek
2020-09-09 19:30:06Correction CVE-2017-11882 not CVE-2020-11882almorabea
2020-09-09 18:00:04Appears to be #agenttesla distribution through mal_docx and template injection and EQNED.exe vul #CVE-2017-11882. S… https://t.co/88GysMK6rN https://twitter.com/i/web/status/1303753459594915841Circuitous__
2020-09-07 16:00:03#LokiBot campaign leveraging #Maersk in maldocs Exploits CVE-2017-11882 (Microsoft Equation Editor) "Shipping Doc… https://t.co/BMXaObEC0N https://twitter.com/i/web/status/1302998127067230209BushidoToken
2020-08-28 02:30:03AgentTeslaの MalExcelだけど、よくCVE-2017-11882(vulnerability of Equation editor)使われているのだけど、あれって、まだVictim側で多く残存しているもんなんかなぁ エンタープライズだとさすがに少ない気がするけど。papa_anniekey
2020-08-16 12:30:07#FormBook Turquía 🇹🇷 #Trojan #Stealer CVE-2017-11882 IOCs: kingx[1].exe -> 9eda77a9b914fd80b415780d09eaeaeb1f7b452… https://t.co/qfdfYbUKeH https://twitter.com/i/web/status/12949738020829716513XS0
2020-08-14 17:40:04#FormBook Turquía 🇹🇷 #Trojan #Stealer CVE-2017-11882 IOCs: kingx[1].exe -> 9eda77a9b914fd80b415780d09eaeaeb1f7b452… https://t.co/DPWQA2X3E7 https://twitter.com/i/web/status/12943257623178485781ZRR4H
2020-07-17 11:40:04Hello #njrat + #CVE-2017-11882 198.23.213.30 159.89.170.144 dfavour.publicvm.]com Sample https://t.co/2B56hwZMEr… https://t.co/Z5v9addLW9 https://bazaar.abuse.ch/sample/5e0c9ae3d220d6e59d934fdc7cfae2ab70c2a1dc268d5beaf9c041ab5f3973df/ https://twitter.com/i/web/status/1284089578534522880JAMESWT_MHT
2020-07-15 16:00:08#AgentTesla Email> arinzelog@frostdell.]uk Rtf #Exploit #CVE-2017-11882 https://t.co/w6rmpqqnoL payload… https://t.co/rdxcOBQsDE https://bazaar.abuse.ch/sample/0cc1a08925526a4b671058431c107d91ae29842a9f99d0cbd3a54689aefd79b6/ https://twitter.com/i/web/status/1283431061712785409JAMESWT_MHT
2020-07-15 15:52:03#FormBook via malspam using CVE-2017-11882. 🚨 IOCs 🚨 Subject: AMENDED INVOICE, PARKING LIST & COO DOCS 5107a4d818… https://t.co/EUIgiqcnsf https://twitter.com/i/web/status/1283426965408501760MBThreatIntel
2020-07-14 20:22:53Your Swift PrePaymaent Order is Actually CVE-2017-11882 https://t.co/MQw8nYcsCh http://www.ubersec.com/your-swift-prepaymaent-order-is-actually-cve-2017-11882/ubersec
2020-07-13 12:20:05CVE-2017-11882 Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 S… https://t.co/ei82URy3Vg https://twitter.com/i/web/status/1282650976655114242VulmonFeeds
2020-07-07 08:20:07AsyncRAT and Formbook #Malware are exploiting MS Office #vulnerability (CVE-2017-11882) in doc file to get into a u… https://t.co/BxeQvjlxtK https://twitter.com/i/web/status/1280414633040347137k7computing
2020-07-07 00:40:21A vulnerabilidade CVE-2017-11882 já foi corrigida, mas as máquinas desatualizadas estão suscetíveis aos ataques!… https://t.co/maawqLUsPm https://twitter.com/i/web/status/1280298056928329728Tec_Mundo
2020-07-04 11:20:35Segundo a empresa de segurança Menlo Labs, pelo menos três campanhas usam a vulnerabilidade CVE-2017-11882, corrigi… https://t.co/Gvx5pbzFur https://twitter.com/i/web/status/1279372382390628356olhardigital
2020-06-30 08:50:05nice #malspam delivering #nanocore via encrypted .doc embedding .xlsx embedding CVE-2017-11882 VT:eab3d02e429ee086b… https://t.co/4TK1u1oLAT https://twitter.com/i/web/status/1277885198613590017luc4m
2020-06-29 19:00:06Well, this is news to me...? Link downloads a file called StolenImagesEvidence.xlsm that uses CVE-2017-11882 and i… https://t.co/oN1w5vSvTo https://twitter.com/i/web/status/1277677416736006144SecurityAura
2020-06-26 06:20:17ᓚᘏᗢ マルウェア感染スパムに人気の脆弱性は、CVE-2017-11882 Microsoft数式エディタ、CVE-2017-0199 Microsoft Word の2つで9割を占める。 Detect Malware Assoc… https://t.co/6henSSd8F6 https://twitter.com/i/web/status/1276398466143449088mach48mach
2020-06-22 19:30:03Malspam pushing #FormBook via CVE-2017-11882. 🚨 IOCs 🚨 admindepartment[.]ir/wealthx/kayboi.exe a23a615e742701b8f8… https://t.co/UjPeTKOZMF https://twitter.com/i/web/status/1275148930460745728MBThreatIntel
2020-06-15 16:00:06So this is funny Maldoc using CVE-2017-11882 to drop a legitimate putty instance on the machine, found at 180[.]21… https://t.co/zJOY5ZmRQ9 https://twitter.com/i/web/status/1272557473052975104danusminimus
2020-05-29 18:10:05Commonly exploited vulnerabilities in #Microsoft Office: CVE-2017-11882 CVE-2017-8570 CVE-2018-0802 CVE-2017-8759… https://t.co/nObg7OswGM https://twitter.com/i/web/status/1266429123175555075kaspersky
2020-05-22 06:40:10@Aj7xA officeの脆弱性CVE-2017-11882を狙った攻撃とか有名s9_pn
2020-05-19 16:10:061) CVE-2017-11882 - A stack overflow in Equation Editor (EQNEDT32.EXE) that was accessible via Microsoft Office doc… https://t.co/FUS5IYXj5q https://twitter.com/i/web/status/1262776021473845248benhawkes
2020-05-19 06:20:03Vulnerability Details : CVE-2017-11882 (1 Metasploit modules) #CyberSecurity 👁🕸 https://t.co/dP6s8ZZ6lM https://www.cvedetails.com/cve/CVE-2017-11882/pdsuniovi
2020-05-18 20:00:04Top 10 Routinely Exploited Vulnerabilities from 2016 to 2019: CVE-2017-11882 CVE-2017-0199 CVE-2017-5638 CVE-2012-0… https://t.co/5WT03WeZnc https://twitter.com/i/web/status/1262472506151186432Bank_Security
2020-05-18 15:50:06@GRBail #CVE-2012-0158 https://t.co/9eo9AE1gKW #CVE-2017-11882 https://t.co/ufZQpXsZ26 https://www.exploit-db.com/exploits/18780 https://www.exploit-db.com/exploits/43163burning_pm
2020-05-16 19:40:042016-2019 yılları arasında en fazla istismar edilen güvenlik zafiyetleri CVE-2017-11882 CVE-2017-0199 CVE-2017-563… https://t.co/DwKHBGtO0u https://twitter.com/i/web/status/1261741219748642818eitatli
2020-05-15 12:30:05Nice #maldoc on VT:56708e9801a05cb3c7621ae739e9db1b [CDFV2 Encrypted -> XLSX -> Embedded DOCM and CVE-2017-11882… https://t.co/adcEUokj6v https://twitter.com/i/web/status/1261270605233401857luc4m
2020-05-14 03:20:06CVE-2017-11882, CVE-2017-0199, CVE-2017-5638, CVE-2012-0158, CVE-2019-0604, CVE-2017-0143, CVE-2018-4878, CVE-2017-… https://t.co/tyVbCprU7k https://twitter.com/i/web/status/1260771095227006978securetech_arg
2020-05-13 14:40:07"Top 10 Routinely Exploited Vulnerabilities" från @USCERT_gov CVE-2017-11882, CVE-2017-0199, CVE-2017-5638, CVE-201… https://t.co/z458Igdb0U https://twitter.com/i/web/status/1260578335974924290d95clj
2020-05-13 09:50:03Confirmed infection vectors so far: malicious Word documents exploiting CVE-2017-0199 and CVE-2017-11882, and a 7Zi… https://t.co/BnShw6ARfm https://twitter.com/i/web/status/1260507551336214528ESETresearch
2020-05-13 07:30:05We also published blogs on these TOP CVEs: CVE-2017-11882 https://t.co/uhLO6KSdxk https://t.co/o83XI6OM6z… https://t.co/Ue8Gj17zRH https://blogs.quickheal.com/obfuscated-equation-editor-exploit-cve-2017-11882-spreading-hawkeye-keylogger/ https://blogs.quickheal.com/coronavirus-themed-campaign-delivers-agent-tesla-malware/ https://twitter.com/i/web/status/1260471544758841349AniruddhaDolas
2020-05-13 05:50:04No excuses, but patch. Top 10 most exploited vulnerabilities 2016–2019: CVE-2017-11882, CVE-2017-0199, CVE-2017-563… https://t.co/ZR35RtpKWx https://twitter.com/i/web/status/1260447050539438080japi999
2020-05-13 05:40:03Here's your reminder to patch Office. I know a late 2017 vulnerability like CVE-2017-11882 isn't very sexy, but it'… https://t.co/CAzKWeDVv3 https://twitter.com/i/web/status/1260442786337304577martijn_grooten
2020-05-13 04:40:03CVE-2017-11882,CVE-2017-0199,CVE-2017-5638,CVE-2012-0158,CVE-2019-0604,CVE-2017-0143,CVE-2018-4878,CVE-2017-8759,CVE-2015-1641,CVE-2018-7600ohhara_shiojiri
2020-05-13 02:40:05US-CERT released the top ten routinely exploited vulnerabilities (2016 - 2019) CVE-2017-11882 CVE-2017-0199 CVE-20… https://t.co/T5nC8ulE01 https://twitter.com/i/web/status/1260397639352422400CryptoCypher
2020-05-12 22:50:06CVE-2017-11882, CVE-2017-0199, CVE-2017-5638, CVE-2012-0158, CVE-2019-0604, CVE-2017-0143, CVE-2018-4878, CVE-2017-… https://t.co/B4X14atK7N https://twitter.com/i/web/status/1260339007365484545CVEannounce
2020-04-15 08:00:18Malware Analysis – CVE-2017-11882 Microsoft Office Equation Editor Buffer Overflow https://t.co/Mf0NJTg1ur https://ift.tt/3enxLqnbug_less
2020-04-14 15:00:03malware use CVE-2017-11882 😷quochuy71228247
2020-04-14 03:40:03Another campaign (https://t.co/xWci50MLfZ) is exploiting CVE-2017-11882 to drop NanoCore RAT: https://t.co/URCutCVxBj. https://virustotal.com/gui/file/d1b8db2724b4f7b104e04d7ff937d1af967f324ceb6b2ca62496d2f4e06e5e79/detection https://virustotal.com/gui/file/15bba0d45871f0f5549a6bbb18808978fe0c36a3fe8196f3aeb2983a7d6d552d/detectionhadianjazi
2020-04-14 03:30:02Another campaign (https://t.co/Zw6T4beQyh) is exploring CVE-2017-11882 to drop NanoCore RAT: https://t.co/wRDGGeVMQX. https://www.virustotal.com/gui/file/d1b8db2724b4f7b104e04d7ff937d1af967f324ceb6b2ca62496d2f4e06e5e79/detection https://www.virustotal.com/gui/file/15bba0d45871f0f5549a6bbb18808978fe0c36a3fe8196f3aeb2983a7d6d552d/detectionhadianjazi
2020-04-11 19:50:02Spam campaign (Subject: LONG OVERDUE BALANCE PAYMENT) is exploiting CVE-2017-11882 to drop AgentTesla. Malicious do… https://t.co/lqtnaFqIJy https://twitter.com/i/web/status/1249062141195440128hadianjazi
2020-03-27 10:00:032年以上も前のMS Office 数式エディタの脆弱性(CVE-2017-11882)を突いてダウンロードされるようです。 Excelには簡体字が記載されているので、そっち方面を狙ったものだと思われます。 https://t.co/X8iBpbOf5o https://app.any.run/tasks/a4d9cf2d-29c4-4cc1-933a-58799fda4af8/tiketiketikeke
2020-03-27 01:10:03Malspam 'Purchase Order (PO For-COVID-19 Products)' using CVE-2017-11882 dropping AutoIt loader. 60735c7b433c2f4d6… https://t.co/UF6Y7Vp40G https://twitter.com/i/web/status/1243344297086177280MBThreatIntel
2020-03-23 13:00:03Ojo! hay un repunte de envío de correos con ficheros que se aprovechan del CVE-2017-11882 para infectar los equipos… https://t.co/lAPzVuRwr5 https://twitter.com/i/web/status/1242071517887893512RamirezRaulRa
2020-03-20 14:20:03#ESETresearch has noticed that attackers started to utilize an exploit for CVE-2017-11882 within the lure RTF docum… https://t.co/OEd0jBV8Gh https://twitter.com/i/web/status/1241005046374039553ESETresearch
2020-03-18 17:00:03@James_inthe_box @Malwageddon VT detected CVE-2017-11882 in the decoded RTF payload. https://t.co/B6T79Hg7p2 https://www.virustotal.com/gui/file/eb66a3c1c28a77926c0325248d1f0e13e2ab6d3190aeb5917290d751f1d02bfc/detectionpro_integritate
2020-03-18 04:50:02#Lokibot dirigido a usuarios de Argentina 🇦🇷 Explota CVE-2017-11882 (RCE para Microsoft Office, sin interacción).… https://t.co/A1ljewoPh4 https://twitter.com/i/web/status/12401380853435596801ZRR4H
2020-03-17 06:40:03CVE-2017-11882 Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 S… https://t.co/VHAcTRr7MU https://twitter.com/i/web/status/1239802283300392960VulmonFeeds
2020-03-15 18:20:03Malspam using #Coronavirus as lure targeting UK with #AgentTelsa via CVE-2017-11882 and #GuLoader? 64551b04da5c87e… https://t.co/mXHwPMZu24 https://twitter.com/i/web/status/1239253487369605120MBThreatIntel
2020-03-11 11:10:13An embedded 800k "oleObject1" uses CVE-2017-11882 to download and execute remote code if the spreadsheet is opened.GarWarner
2020-03-06 21:10:02#COVIDー19 #COVID19 themed #malware using CVE-2017-11882 exploit "COVID 19_List_cities_names.xlam” ab7888a4bf62412d… https://t.co/IKpCnWAgOs https://twitter.com/i/web/status/1236036262638882821dewan202
2020-03-06 00:10:05#Formbook XLAM->CVE-2017-11882->Fuckery Payload: altamonteorators[.]com/images/admin/8907.exe Contacts several d… https://t.co/KWO3Riz5u9 https://twitter.com/i/web/status/12357171493243863040xCARNAGE
2020-03-03 11:20:03@ExcelAnalytics @msftsecurity @WindowsDefender Did you try oleobj? If this is a CVE-2017-11882, then it should be i… https://t.co/4ndj1mj8ei https://twitter.com/i/web/status/1234798220477435906decalage2
2020-03-03 11:10:03@msftsecurity got a spam email today which @WindowsDefender identified as Exploit:O97M/CVE-2017-11882.L - reported… https://t.co/ZCIZVIzTYx https://twitter.com/i/web/status/1234796716475416576ExcelAnalytics
2020-02-28 01:20:05#AgentTesla #Malware More CVE-2017-11882 Exfil via smtp[.]bnb-spa[.]com ... sucks to be Ricardo Ospina right now,… https://t.co/ZSiFu5JH7N https://twitter.com/i/web/status/12331978177594572800xCARNAGE
2020-02-28 01:00:05#Remcos maybe? Intezer seems sure of it but that ping delay doesn't seem on-brand for that. CVE-2017-11882->exes a… https://t.co/b5P0JkFYzL https://twitter.com/i/web/status/12331939811583385610xCARNAGE
2020-02-25 08:50:02増殖する RAT「Loda」 https://t.co/9zf5QH6WHM "Loda は、AutoIT で記述されたリモートアクセス型トロイの木馬(RAT)です…第 2 段階のドキュメントは CVE-2017-11882 の脆… https://t.co/MxZRlqzqDl https://gblogs.cisco.com/jp/2020/02/talos-loda-rat-grows-up/ https://twitter.com/i/web/status/1232225411976716297catnap707
2020-02-21 21:10:07Malspam 🇪🇸 'Documentos de envío' pushes #Formbook DRAFT BL.xlsx (CVE-2017-11882): d6a4e78c0114006d0815c5230d9a48e4… https://t.co/Ai0pcEefNA https://twitter.com/i/web/status/1230960745312968705MBThreatIntel
2020-02-20 15:10:07#malspam detected in-the-wild file sha1: 51025bca7dc14abe519591b435f4bf9170470826 RTF, CVE-2017-11882, bypasses Pr… https://t.co/RSw1oF7Z7G https://twitter.com/i/web/status/1230508360073646082bit_dam
2020-02-13 15:30:04- Email attachment doc (exploiting CVE-2017-11882) looks to be written in Korean, connecting to malicious .php lead… https://t.co/EwVemehCBd https://twitter.com/i/web/status/1227976332547506176Account4Kazu
2020-02-12 20:00:06Talos has observed a malware campaign that utilizes a new version of Loda RAT exploiting CVE-2017-11882 deets here… https://t.co/gI953cO3BJ https://twitter.com/i/web/status/1227681317137141762security_craig
2020-02-12 10:20:03Why the hell are they chaining CVE-2017-11882 before CVE-2020-0674 when CVE-2017-11882 gives you RCE🤔… https://t.co/MP8j1yMPJI https://twitter.com/i/web/status/1227535968799838208av_eip
2020-02-10 16:10:02CVE-2017-11882 Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 S… https://t.co/0cTHUgKDQS https://twitter.com/i/web/status/1226901059794239494VulmonFeeds
2020-02-08 17:10:03New post in CVE Updates: #CyberSecurity #CVE ID:CVE-2017-11882 Published:2017-11-15T03:29:00 CVSS:9.3 Summary:Micro… https://t.co/TbTh4GPS8U https://twitter.com/i/web/status/1226189536646041602j41r0r0d
2020-02-07 16:50:02When patching isn't possible, attackers will take advantage. This week's Phish Fryday talks about CVE-2017-11882 an… https://t.co/bLoul3Sz38 https://twitter.com/i/web/status/1225823094067126272sgcardinal
2020-02-05 22:50:05スーパーはっちゅう君に検出結果「Exploit.CVE-2017-11882.Gen+(B)」が出てきたけど大丈夫なんだろうか? https://t.co/QOJWsLns4tallyzth
2020-02-05 17:10:10Malspam "PETRONAS MALAYSIA PO" pushing #LokiBot via CVE-2017-11882 and zipped downloader. Exploit -> 107.189.10[.]… https://t.co/6OePPaSQKL https://twitter.com/i/web/status/1225102683293413376MBThreatIntel
2020-02-05 02:20:08The top ten most commonly exploited vulnerabilities. - CVE-2018-15982 / CVE-2018-8174 / CVE-2017-11882 / CVE-2018-4… https://t.co/AZcV879V5R https://twitter.com/i/web/status/1224877854497755137Hello_Hyo01
2020-01-29 22:30:03#Malspam pushing #AgentTesla via CVE-2017-11882 (Equation Editor exploit). * IoCs * f440a587d49886b52586d9dfa8f9a… https://t.co/7TFpAhwd6r https://twitter.com/i/web/status/1222647386234707969MBThreatIntel
2020-01-27 09:20:03NUEVO MAIL QUE ANEXA FICHERO DOC (QUE ES REALMENTE UN RTF) CON EXPLOIT CVE-2017-11882 https://t.co/tKwat1FRHl https://ift.tt/2sYZcnySATINFOSL
2020-01-23 09:10:02#generated-doc #exploit #CVE-2017-11882 #exe-to-msi https://t.co/cNuzmyXIWH https://t.co/Z5Ioj1ltqv https://t.co/voVn4cmq9J https://www.virustotal.com/gui/file/7011d67c4643a21c232c0e3c6b92058205d4229454187bd11a598fc3c6aa608d/detection https://app.any.run/tasks/cfe8ef8a-edd6-4965-b526-bfd15d1233cdmoshsrv
2020-01-21 02:30:04CVE-2017-11882 BufferOverflow VE2017 + IDA Test https://t.co/YTK0xKGGN3 [PoC] Simple Overflow demo, like CVE-2017… https://t.co/HwQ3LK3BIc https://www.freebuf.com/vuls/224934.html https://twitter.com/i/web/status/1219445569682149376wugeej
2020-01-16 21:20:04Did anyone else get the @USPTO email freaking out about CVE-2018-20250 CVE-2017-11882 CVE-2017-11775 CVE-2017-0200… https://t.co/5xWbI7hI9W https://twitter.com/i/web/status/1217919089940713472kurtseifried
2020-01-13 16:20:04@olihough86 @killamjr Jokes apart seeing a lot of lokibot/nanocore recently, all of them using CVE-2017-11882 equat… https://t.co/bNMBvRQpCl https://twitter.com/i/web/status/1216756108057964544ankit_anubhav
2020-01-07 09:10:04https://t.co/KXagPPbKHI #malware #pdf #CVE-2017-11882 https://app.any.run/tasks/f113439c-d236-4017-bf45-7a3bbe9dbe76moshsrv
2020-01-07 00:00:03イラン革命防衛軍カシム将軍がアメリカ軍のドローンから攻撃された報復としてアメリカやスンニ派諸国がサイバー攻撃のターゲットになる可能性が高い。重要インフラ企業等がターゲットになります。CVE-2017-11882の脆弱性(MSoff… https://t.co/oYUeJkHDht https://twitter.com/i/web/status/1214335274768945152azuma_max
2020-01-06 14:41:30@GossiTheDog Truth - CVE-2017-11882 was our most blocked CVE at the mail gateway in 2019bleepsec
2020-01-04 15:50:03New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit https://t.co/tSph1D5Cax https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.htmlrootsecdev
2020-01-02 13:50:04#formbook PDF(JS) drops XLAM > CVE-2017-11882 > ://newyearddnsaddressupdatelink.duckdns.org/office/vbc.exe > ://do… https://t.co/VOouSoB2gj https://twitter.com/i/web/status/1212730450432679936ps66uk
2019-12-27 08:20:03DarkReading: CVE-2017-11882 is the vulnerability most often exploited by advanced threat groups, researchers say, u… https://t.co/7r4iQaCMCy https://twitter.com/i/web/status/1210475259725570048WolfSec_ch
2019-12-26 17:50:06CVE-2017-11882 is the vulnerability most often exploited by advanced threat groups, researchers say, urging compani… https://t.co/8bQOLgwtZg https://twitter.com/i/web/status/1210254818574524416cyberintel
2019-12-26 17:20:03CVE-2017-11882 is the vulnerability most often exploited by advanced threat groups, researchers say, urging compani… https://t.co/CLMtyRSctS https://twitter.com/i/web/status/1210247669643448329DarkReading
2019-12-20 00:10:05https://t.co/xravIxIwnR Did Microsoft Just Manually Patch Their Equation Editor Executable? Why Yes, Yes They Did. (CVE-2017-11882) http://anonymous.bravehost.com/main/2019/12/19/did-microsoft-just-manually-patch-their-equation-editor-executable-why-yes-yes-they-did-cve-2017-11882/VitalAnon
2019-12-17 12:40:08Sidewinder APT exploiting CVE-2017-11882 Sigma rule from 2017 covers all the the samples, even the ones with low A… https://t.co/LADDWu0ZMF https://twitter.com/i/web/status/1206915848876765185cyb3rops
2019-12-10 18:40:03"Bank Swift.xlsx" CVE-2017-11882 #Agenttesla c996f64436d05eaea0854abdae67c12990457bfccd48c8dc7f75ba7d7523b5a4 gl… https://t.co/773SO6E2BG https://twitter.com/i/web/status/12044692258904268801ZRR4H
2019-12-03 12:10:02#Lokibot uses RTF #exploit CVE-2017-11882 to deliver payloads. @James_inthe_box 55b0b4b988ea8f2fbb07c8a727f35f47 5… https://t.co/iZhlDwmjwe https://twitter.com/i/web/status/1201834750257831937cyber__sloth
2019-11-26 16:00:04CVE-2017-11882 - Phoenix ha evolucionado de un simple registrador de pulsaciones de teclas (keylogger) a un troyano… https://t.co/Bfzqj2Xt6p https://twitter.com/i/web/status/1199355665074020358EcuCERT_EC
2019-11-25 15:14:02CVE-2017-11882 .xlsx file cdn.discordapp[.]com/attachments/648441025806729220/648441650594709504/QUOTE_GM-QU-20442… https://t.co/wv5W9tvgMS https://twitter.com/i/web/status/1198982902392008710JayTHL
2019-11-22 07:30:02CVE-2017-11882 .doc cdn.discordapp[.]com/attachments/641115505754767420/647060249131614221/Original_Documents.doc… https://t.co/UqlfVoYQoU https://twitter.com/i/web/status/1197779081984716801JayTHL
2019-11-21 07:32:02discord got good stuff CVE-2017-11882 doc cdn.discordapp[.]com/attachments/646414568519630852/646828498350112810/… https://t.co/1ledYSZRC1 https://twitter.com/i/web/status/1197417030388985861JayTHL
2019-11-21 01:40:02@ankit769 @ccxsaber didn't see it, but the remote file was an exploit of CVE-2018-0798 rather than CVE-2017-11882MOBIUSPILLS
2019-11-15 03:06:02#Donot #CVE-2017-11882 f4fa463a8ca99a62feb9c344539a47efad918254571a7c60fe1bd194f9d0d9c6 DP: pinfile.exe HA: 2abc736… https://t.co/NhMMvT9EAk https://twitter.com/i/web/status/1195175943087616000ccxsaber
2019-11-14 08:08:032019-11-14 Malicious document uses CVE-2017-11882 to drop #hawkeye. DOC MD5: ce1fdd8a4751c8aa49ece4d18fbc35ba EXE… https://t.co/QuxYLUMT1e https://twitter.com/i/web/status/1194889495868592130w3ndige
2019-11-13 16:03:24@anyrun_app your search is still broke for tag CVE-2017-11882 if you try and search for that nothing returns. If yo… https://t.co/yRCa0D6dhYLedtech3
2019-11-11 16:54:03#AgentTesla RTF w/CVE-2017-11882 -> hxxp://bit.ly/2NpQOVI -> hxxps://rhood.com/wirell.txt -> exe -> mail.privateem… https://t.co/Bl70skzQo6wwp96
2019-11-05 16:20:02"ISIS Al-Baghdadi's Death.doc" https://t.co/sgY2OAjvVd CVE-2017-11882 https://t.co/M1fx9wQfUhixmailsaygili
2019-11-04 13:16:03ISIS Al-Baghdadi's Death.doc https://t.co/I06QSskcan uploaded from KR, CVE-2017-11882 #phishing #malware… https://t.co/j5kwwg1Jthsecuritydoggo
2019-11-02 16:50:03Falcon Sandbox Automated File Analysis (Verdict: malicious; Label: CVE-2017-11882; TS: 100/100; AV: 60%):… https://t.co/ISeaoWoSKpperic0
2019-10-30 23:22:02Equation Editor (CVE-2017-11882) used to deploy #AgentTesla "cmd.exe /c bitsadmin /transfer yX /priority foregroun… https://t.co/Qgm9y440wtLittl3field
2019-10-30 12:24:02MAIL QUE ANEXA FICHERO CON EXTENSION DOC QUE ES UN RTF CON EXPLOIT CVE-2017-11882 https://t.co/QkvJYcrt6mSATINFOSL
2019-10-29 16:40:02#CVE201711882 / CVE-2017-11882 MalDoc - 7dc7a978d01b43aeba93b07c32a87192 --> hxxp://213.152.160[.]146:1010/hta (+ge… https://t.co/0K9sGa5UCCOttoScav
2019-10-29 11:22:02"The most common method...is #Microsoft Office #vulnerability CVE-2017-11882, which remains a "prolific technique"… https://t.co/fWqdD6flhE_RPMConsulting_
2019-10-29 10:34:02Y MAS MAILS ANEXANDO FALSO FICHERO DOC (ES UN RTF CON EXPLOIT RTF.CVE-2017-11882) https://t.co/AHNDPeT81oSATINFOSL
2019-10-29 10:32:02Microsoft Office's bug CVE-2017-11882 has been attacker's favourite malware delivery mechanism to install Ransomwar… https://t.co/JSNkXkVSRQForenzyN
2019-10-29 10:10:02OTRO MAIL ANEXANDO FICHERO CON FALSA EXTENSION DOC (ES UN RTF CON EXPLOIT MALICIOSO RTF.CVE-2017-11882.gen) https://t.co/LF14WuMmV4SATINFOSL
2019-10-29 08:06:03CVE-2017-11882 exploited in phishing campaign that spread the new CCryptor ransomware https://t.co/l2YiTYlagu https://t.co/5pq0g8UEmfvirusbtn
2019-10-28 17:20:02Microsoft Office #Bug Remains Top #Malware Delivery Vector: CVE-2017-11882 has been attackers' favorite malware del… https://t.co/deVdW349TaNcuIsao
2019-10-28 15:34:02Sikkerhedsfirma: Klassikeren CVE-2017-11882 er blandt de kriminelles foretrukne til malware-distribution https://t.co/yKfybvJLogversion2dk
2019-10-28 15:28:02CVE-2017-11882 has been attackers' favorite #malware delivery mechanism throughout the second and third quarters of… https://t.co/7QeLxg4KavIANS_Security
2019-10-28 11:54:03Microsoft Office Bug Remains Top Malware Delivery Vector CVE-2017-11882 has been attackers' favorite malware delive… https://t.co/iAvfbIGRSZCyberNewsOutlet
2019-10-27 11:34:02The 2019 Q3 #malware trends report by @cofense shows that #Microsoft #Office CVE-2017-11882 is still the most commo… https://t.co/i9xNFcq6Akbsmuir
2019-10-26 12:14:02Microsoft Office Bug Remains Top Malware Delivery Vector: CVE-2017-11882 has been attackers' favorite malware deliv… https://t.co/gZylK8cKYuRW_Security
2019-10-26 12:12:02CVE-2017-11882 has been attackers' favorite malware delivery mechanism throughout the second and third quarters of… https://t.co/trQgOQxeHDDMBisson
2019-10-26 07:06:02[DarkReading] Microsoft Office Bug Remains Top Malware Delivery Vector --> CVE-2017-11882 has been attackers' favor… https://t.co/sNGRhPU6Yhgastronomy
2019-10-25 23:38:02CVE-2017-11882 has been attackers' favorite malware delivery mechanism throughout the second and third quarters of… https://t.co/tOYq3bCFCxInfoSecHotSpot
2019-10-25 22:38:02CVE-2017-11882 has been attackers' favorite malware delivery mechanism throughout the second and third quarters of… https://t.co/0BQGeEJNvgv_shakthi
2019-10-25 20:58:02CVE-2017-11882 has been attackers' favorite malware delivery mechanism throughout the second and third quarters of… https://t.co/C3AIlc92hAreason42
2019-10-25 20:38:02CVE-2017-11882 has been attackers' favorite malware delivery mechanism throughout the second and third quarters of… https://t.co/gUxOTCNZWWInfoSecResource
2019-10-25 20:38:02Microsoft Office Bug Remains Top Malware Delivery Vector: CVE-2017-11882 has been attackers' favorite malware deliv… https://t.co/l7CGOfBX1Ccipherstorm
2019-10-25 20:36:02Microsoft Office Bug Remains Top Malware Delivery Vector: CVE-2017-11882 has been attackers’ favorite… https://t.co/QeSmVK87kQ #infosecIT_securitynews
2019-10-25 20:34:02Microsoft Office Bug Remains Top Malware Delivery Vector. CVE-2017-11882 has been attackers' favorite malware deliv… https://t.co/H2xjtepUIhSpywareTweets
2019-10-25 20:34:02Microsoft Office Bug Remains Top Malware Delivery Vector: CVE-2017-11882 has been attackers' favorite malware deliv… https://t.co/DlOjVuRMLYshah_sheikh
2019-10-25 03:38:02#Donot 752c173555edb49a2e1f18141859f22e39155f33f78ea70a3fbe9e2599af3d3f AC: CVE-2017-11882 DP: C:\Users\admin\Adobe… https://t.co/8Vo5fn2R0dccxsaber
2019-10-24 23:48:02#Malware #PE New Remcos RAT Variant is Spreading by Exploiting CVE-2017-11882 https://t.co/RIfgYypH3vsanseovillage
2019-10-23 09:34:03#lokibot #CVE-2017-11882 #opendir Sha256: 4BE3D1BB91B463A65A6FCAED38112EF6A53A403664CB9354E9C6F6C3D2E7A35F 6E70B56… https://t.co/5b9FelPV5nfatihsirinnnn
2019-10-15 06:32:02Recent threat intelligence research has highlighted the increased use of the CVE-2017-11882 vulnerability in MS Off… https://t.co/sems1D0R9EMimecast
2019-10-14 11:12:03Recent #mimecast threat intelligence research has highlighted the increased use of the CVE-2017-11882 vulnerability… https://t.co/KK9TB82oRpErnestoBroersma
2019-10-12 15:50:02interesting sample #Gorgon Group use CVE-2017-11882 to load hxxp://j.mp/adjM9dXAsxfsaasdi by mshta ITW:0cd741aa9d2f… https://t.co/QioOdxQh6kRmy_Reserve
2019-10-11 15:36:02Recent #mimecast threat intelligence research has highlighted the increased use of the CVE-2017-11882 vulnerability… https://t.co/GCYsbSujr6S_Bowman007