mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
add Aurora/Hydraq
This commit is contained in:
parent
0cfc8907f3
commit
0ad7f06cf6
1 changed files with 15 additions and 0 deletions
|
@ -3746,6 +3746,21 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"uuid": "5f4be30a-2373-11e8-bbab-774ff49fd040"
|
"uuid": "5f4be30a-2373-11e8-bbab-774ff49fd040"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"value": "Aurora",
|
||||||
|
"description": "You probably have heard the recent news about a widespread attack that was carried out using a 0-Day exploit for Internet Explorer as one of the vectors. This exploit is also known as the \"Aurora Exploit\". The code has recently gone public and it was also added to the Metasploit framework.\nThis exploit was used to deliver a malicious payload, known by the name of Trojan.Hydraq, the main purpose of which was to steal information from the compromised computer and report it back to the attackers.\nThe exploit code makes use of known techniques to exploit a vulnerability that exists in the way Internet Explorer handles a deleted object. The final purpose of the exploit itself is to access an object that was previously deleted, causing the code to reference a memory location over which the attacker has control and in which the attacker dropped his malicious code.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.symantec.com/connect/blogs/trojanhydraq-incident-analysis-aurora-0-day-exploit",
|
||||||
|
"https://www.symantec.com/connect/blogs/hydraq-aurora-attackers-back",
|
||||||
|
"https://www.symantec.com/connect/blogs/hydraq-attack-mythical-proportions"
|
||||||
|
],
|
||||||
|
"synonyms":[
|
||||||
|
"Hydraq"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "70c31066-237a-11e8-8eff-37ef1ad0c703"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue