AKBuilder: A builder for exploit-laden Word documents

Wingman

Wingman

Level 4
Thread author
Verified
Well-known
Feb 6, 2017
154
...
According to SophosLabs principal researcher Gábor Szappanos, two versions of the builder have, at one time or another, found their way to the market.

Sold for $550 (or thereabouts), the builder – which comes in the form of a Python script – requires users to simply enter the name of the payload file, that of the decoy document, and the name of the generated exploit document.

The first version of the builder (AK-1) exploits the CVE-2012-0158 and CVE-2014-1761 vulnerabilities, and was active from mid-2015 to mid-2016. The second one (AK-2) exploits CVE-2015-1641, and took over where AK-1 left off.
Click to expand...
 
  • Like
Reactions: harlan4096 and XhenEd
You must log in or register to reply here.

Similar threads

M
    • Like
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Replies
0
Views
697
Microsoft Defender
Microsoft Threat Intelligence
M
LASER_oneXM
    • Like
    • +Reputation
    • Wow
Chinese hacking group Aoqin Dragon quietly spied orgs for a decade
Replies
0
Views
591
News Archive
LASER_oneXM
LASER_oneXM
LASER_oneXM
    • Like
Threat actors offer millions for zero-days, developers talk of exploit-as-a-service
Replies
0
Views
858
News Archive
LASER_oneXM
LASER_oneXM

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top