CVE-2017-8291, a vulnerability in Ghostscript as shipped in the Hancom Office application, is being used in the wild in targeted attacks on South Korea.
http://www.pwncode.club/2017/10/targete ... loits.html
MD5 hash of the HWP file: 3d0d71fdedfd8945d78b64cdf0fb11ed
MD5 hash of the decrypted DLL: d897b4b8e729a408f64911524e8647db
The theme of the file is related to Korean Day (celebrated on Oct 5th 2017 in South Korea).
The payload is decrypted and injected into the explorer.exe process. More details are available in the link above.