LetsDefend Challenge Malware Analysis: Malicious Doc

• What type of exploit is running as a result of the relevant file running on the victim machine?
• What is the relevant Exploit CVE code obtained as a result of the analysis?
• What is the name of the malicious software downloaded from the internet as a result of the file running?
• What is the ip address and port information it communicates with?
• What is the exe name it drops to disk after it runs?

What type of exploit is running as a result of the relevant file running on the victim machine?

与えられたファイルをvirus totalで検索する．

Hint: {rtf.yyyyyyy}

ヒントに合わせて．
A: Rtf.Exploit

What is the relevant Exploit CVE code obtained as a result of the analysis?

virus totalのページにチラチラ見えている．
A: A: CVE-2017-11882

What is the name of the malicious software downloaded from the internet as a result of the file running?

virus totalから分かる．

A: jan2.exe

What is the ip address and port information it communicates with?

jan2.exeをダウンロードしたサーバだと思われる．

A: 185.36.74.48:80

What is the exe name it drops to disk after it runs?

virus totalで見ても，anyrunで見ても分からなかったが，joesandboxのあるレポートで謎のexeを確認できた．

A: aro.exe