{"Event": {"info": "OSINT - Root cause analysis of the latest Internet Explorer zero day \u2013 CVE-2018-8174", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "publish_timestamp": "1526025886", "timestamp": "1526026037", "Object": [{"comment": "", "template_uuid": "81650945-f186-437b-8945-9f31715d32da", "uuid": "5af2be87-ea74-4ad8-8dcf-4569950d210f", "sharing_group_id": "0", "timestamp": "1525857927", "description": "Vulnerability object describing a common vulnerability enumeration which can describe unpublished, under review or embargo vulnerability for software, equipments or hardware.", "template_version": "4", "Attribute": [{"comment": "", "category": "Other", "uuid": "5af2be87-2f74-4d05-96b6-4c53950d210f", "timestamp": "1525857927", "to_ids": false, "value": "Published", "disable_correlation": true, "object_relation": "state", "type": "text"}, {"comment": "", "category": "External analysis", "uuid": "5af2be88-3ee8-46cf-9f66-4a09950d210f", "timestamp": "1525857928", "to_ids": false, "value": "CVE-2018-8174", "disable_correlation": false, "object_relation": "id", "type": "vulnerability"}], "distribution": "5", "meta-category": "network", "name": "vulnerability"}, {"comment": " RTF document", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5af2c3a4-d11c-404f-b948-4f1d950d210f", "sharing_group_id": "0", "timestamp": "1526025888", "description": "File object describing a file with meta-information", "template_version": "11", "ObjectReference": [{"comment": "", "object_uuid": "5af2c3a4-d11c-404f-b948-4f1d950d210f", "uuid": "5af54e9e-7600-488c-ac70-4c8402de0b81", "timestamp": "1526025886", "referenced_uuid": "2b8b2ad0-9787-465b-9927-3d3bd3ed33a1", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5af2c3a4-6af8-4c6a-a2ac-48d2950d210f", "timestamp": "1525859236", "to_ids": true, "value": "b48ddad351dd16e4b24f3909c53c8901", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Other", "uuid": "5af2c3a5-234c-448e-9a9d-4c98950d210f", "timestamp": "1525859237", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Internet Explorer exploit (CVE-2018-8174)", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5af2c3cd-a0b0-4a81-9126-4e08950d210f", "sharing_group_id": "0", "timestamp": "1525859277", "description": "File object describing a file with meta-information", "template_version": "11", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5af2c3cd-1488-41a4-9047-4a50950d210f", "timestamp": "1525859277", "to_ids": true, "value": "15eafc24416cbf4cfe323e9c271e71e7", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Other", "uuid": "5af2c3ce-24f0-4b3a-b769-490f950d210f", "timestamp": "1525859278", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Payload", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5af2c405-3558-40fd-be7f-4a4b950d210f", "sharing_group_id": "0", "timestamp": "1525859333", "description": "File object describing a file with meta-information", "template_version": "11", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5af2c405-2db8-4a55-8f4b-4b6a950d210f", "timestamp": "1525859333", "to_ids": true, "value": "1ce4a38b6ea440a6734f7c049f5c47e2", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Other", "uuid": "5af2c406-05a8-4856-a3d2-4215950d210f", "timestamp": "1525859334", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "d3d122df-767a-40f1-b5a0-f14837f259b7", "sharing_group_id": "0", "timestamp": "1525957482", "description": "File object describing a file with meta-information", "template_version": "11", "ObjectReference": [{"comment": "", "object_uuid": "d3d122df-767a-40f1-b5a0-f14837f259b7", "uuid": "5af44369-7ce8-49e4-8969-470602de0b81", "timestamp": "1525957481", "referenced_uuid": "1e6f7e8d-db97-461c-bf7d-af5f6d7cb3f4", "relationship_type": "analysed-with"}], "Attribute": [], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "1e6f7e8d-db97-461c-bf7d-af5f6d7cb3f4", "sharing_group_id": "0", "timestamp": "1525957480", "description": "VirusTotal report", "template_version": "2", "Attribute": [], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "2b8b2ad0-9787-465b-9927-3d3bd3ed33a1", "sharing_group_id": "0", "timestamp": "1526025885", "description": "VirusTotal report", "template_version": "2", "Attribute": [], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}], "analysis": "2", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5af2c413-3c78-4a51-bf3b-44aa950d210f", "timestamp": "1525859347", "to_ids": true, "value": "autosoundcheckers.com", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "", "category": "External analysis", "uuid": "5af2c4e0-5330-4f2f-96b5-4a1d950d210f", "timestamp": "1525859563", "to_ids": false, "value": "https://securelist.com/root-cause-analysis-of-cve-2018-8174/85486/", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5af2c538-7a08-411c-b594-4f6f950d210f", "timestamp": "1525859640", "to_ids": false, "value": "In late April 2018, a new zero-day vulnerability for Internet Explorer (IE) was found using our sandbox; more than two years since the last in the wild example (CVE-2016-0189). This particular vulnerability and subsequent exploit are interesting for many reasons. The following article will examine the core reasons behind the latest vulnerability, CVE-2018-8174.", "disable_correlation": false, "object_relation": null, "type": "text"}], "extends_uuid": "", "published": false, "date": "2018-05-09", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5af2be06-dc9c-4086-a6aa-45d9950d210f"}}