[Xylitol]

Extracting a 19 Year Old Code Execution from WinRAR - https://research.checkpoint.com/extract ... om-winrar/
Attackers Exploiting WinRAR UNACEV2.DLL Vulnerability (CVE-2018-20250) - https://securingtomorrow.mcafee.com/oth ... 018-20250/
Possibly the first malware delivered through mail to exploit WinRAR vulnerability - https://twitter.com/360TIC/status/1099987939818299392
upgrades in winrar exploit with social engineering and encryption - https://twitter.com/360TIC/status/1100738261830397952
CVE-2018-20250 exp - https://github.com/WyAtu/CVE-2018-20250

Version 5.70
21. Nadav Grossman from Check Point Software Technologies informed us
about a security vulnerability in UNACEV2.DLL library.
Aforementioned vulnerability makes possible to create files
in arbitrary folders inside or outside of destination folder
when unpacking ACE archives.

WinRAR used this third party library to unpack ACE archives.
UNACEV2.DLL had not been updated since 2005 and we do not have access
to its source code. So we decided to drop ACE archive format support
to protect security of WinRAR users.

We are thankful to Check Point Software Technologies for reporting
this issue.

Samples from twitter links in attach.
https://www.virustotal.com/en/file/7871 ... 552429820/
https://www.virustotal.com/en/file/6420 ... 552149551/
and additionally: viewtopic.php?f=21&t=5453

edit: as it seem to rain samples here is a generic rule:

Code: Select all

rule CVE_2018_20250 : AceArchive UNACEV2_DLL_EXP
{
    meta:
        description = "Generic rule for hostile ACE archive using CVE-2018-20250"
        author = "xylitol@temari.fr"
        date = "2019-03-17"
        reference = "https://research.checkpoint.com/extracting-code-execution-from-winrar/"
        // May only the challenge guide you
    strings:
        $string1 = "**ACE**" ascii wide
        $string2 = "*UNREGISTERED VERSION*" ascii wide
        // $hexstring1 = C:\C:\
        $hexstring1 = {?? 3A 5C ?? 3A 5C}
        // $hexstring2 = C:\C:C:..
        $hexstring2 = {?? 3A 5C ?? 3A ?? 3A 2E}
    condition:  
         $string1 at 7 and $string2 at 31 and 1 of ($hexstring*)
}

[Xylitol]

so far the rule works good.
has been pulled also here https://github.com/Yara-Rules/rules/blo ... -20250.yar

Code: Select all

---------- MATCH: CVE_2018_20250 : AceArchive UNACEV2_DLL_EXP
FILE >>>>> C:/SBOX/temp/ace/0312885f07b5a028e64c6a2a440a8584c67adf2c0986e99447328c4bede4e102 - wincon.exe - bb7df04e1b0a2570657527a7e108ae23 *riskfree* (nullbytes)
FILE >>>>> C:/SBOX/temp/ace/0a8d46694dcd3c817ca507d3004366352926bed39897aa19c605bf407841605e - Dropbox.exe - febf7d5f01d8ddd584ae3b9f051f6338
FILE >>>>> C:/SBOX/temp/ace/4bde9006a960da9388d3c45cbebb52ff5015e0fbe0c4d80177b480cba8abd5a0 - Wipolicy.vbe - ad121c941fb3f4773701323a146fb2cd
FILE >>>>> C:/SBOX/temp/ace/642018f0cc2afa550f51516db2015d25f317be8dd8cdf736428dfc1e8d541909 - OfficeUpdateService.exe - 782791b7ac3daf9ab9761402f16fd407
FILE >>>>> C:/SBOX/temp/ace/a49d55cd7ca0dab2d84308d56bf3f7d6b3903135b9eccd8924ab1b695bb18d93 - WinRARBeta.exe - 81521fb7a73b70881016e99416963f2a
FILE >>>>> C:/SBOX/temp/ace/dcda4a01ab495145ba56c47ff2fe28dbd0b1088fb5c102577a75d9988e8e7203 - Update.exe - b6c12d88eeb910784d75a5e4df954001 *riskfree* (PuTTY)
FILE >>>>> C:/SBOX/temp/ace/e6e5530ed748283d4f6ef3485bfbf84ae573289ad28db0815f711dc45f448bec - hi.exe - 153115cfc536f991a5a7349d78be1772

17-03-2019:
FILE >>>>> C:/SBOX/temp/ace/551541d5a9e2418b382e331382ce1e34ddbd92f11772a5d39a4aeb36f89b315e - GoogleUpdate.exe - 35f050c384154c4ae23e02b3fce79847
FILE >>>>> C:/SBOX/temp/ace/a49d38a10fa10b5d143d7505b99072ce69b2fc55a8dcf163230e48f3defa67f2 - test.txt - *riskfree* (text file)
FILE >>>>> C:/SBOX/temp/ace/d5d2dfda3e61f26a5c6f173245131dd7c44515ea56a74fc075f614f62593586c - Discord.exe - bcc49643833a4d8545ed4145fb6fdfd2 *Njrat*
FILE >>>>> C:/SBOX/temp/ace/f3e488aff1329fbeff66e0522ecfdf62cdc5ba92affe387e39c6486dd8b29a95 - calc.js - 25a5ade2448f2c664730c2c230350cad
FILE >>>>> C:/SBOX/temp/ace/3a6cc90db63a6d09721886b6e3f795e32f355d42e8faef560349ec068a9435f1 - Telegram Desktop.exe - 36027a4abfb702107a103478f6af49be
FILE >>>>> C:/SBOX/temp/ace/6732e5c6b28db5f2282d9a9f0464f5d59f4986eeeb3647e7be149b363e267c1b - calc.exe - 10e4a1d2132ccb5c6759f038cdb6f3c9 *riskfree* (Microsoft)
FILE >>>>> C:/SBOX/temp/ace/d030001c5383878517fc32c79940223a0a55d9b0ee90f850b6f0522db9978e97 - hi.exe - fc63382fde12f938bb6845c7c85ddd98

18-03-2019:
FILE >>>>> C:/SBOX/temp/ace/4d524c271ae0e40e7526ecda9a28bc99e83f5b26d98737f0f8f6b585f05b6d22 - old.exe - 119a0fd733bc1a013b0d4399112b8626
FILE >>>>> C:/SBOX/temp/ace/1746abc840a16a95824cc92f48fa1a40a11ae72b39c26be9f5dcdada09f3762d - items.txt - *riskfree* (text file)
FILE >>>>> C:/SBOX/temp/ace/a642378765e24768fd688fc6ad1e78bee3db6ee37605cb776d0189ee41e1b0be - update.exe - b74909e14e25d2e9d1452b77f9927bf6 *bad detections* https://www.virustotal.com/en/file/55a2a99c6fa9e85c74c26704124551adb496c8f114e1bbd003430b6bf6d22e5c/analysis/1552893947/
FILE >>>>> C:/SBOX/temp/ace/fcd460859250768d96ed254ab4aec4ab2ce542e6622d731f8f9a09eb949dd93f - Integrity.exe - 98172becba685afdd109ac909e3a1085
FILE >>>>> C:/SBOX/temp/ace/2e9767932b3b5911f59f021253f12374c70fe4f26459302506d612f577517b9e - calc.exe - dead69d07bc33b762abd466fb6f53e11 *riskfree* (Microsoft)

19-03-2019:
FILE >>>>> C:/SBOX/temp/ace/af24c57468944d3d7ddd53609f4d8c959fc7529f89f6f0ce819acadabf0f37de - hi.exe - f2cd27e5a72071c0b0647858cd9eb5b6

a bit of everything, mostly RATs, ransomware also, looks like the guys of 360TIC seen it as well https://twitter.com/360tic/status/1107505406744514561

[nimaarek]

How to fix second file crc check's part to write a poc?

[Antelox]

APT-C-27 (Goldmouse): Suspected Target Attack against the Middle East with WinRAR Exploit

https://ti.360.net/blog/articles/apt-c- ... xploit-en/

BR,

Antelox

[Antelox]

WinRAR Zero-day Abused in Multiple Campaigns

https://www.fireeye.com/blog/threat-res ... aigns.html

BR,

Antelox

[Xylitol]

March:

Code: Select all

---------- MATCH: CVE_2018_20250 : AceArchive UNACEV2_DLL_EXP

2019-03-31:
ceeb05b114d99453df04bba0138c597f4a87b446a55baf20d9d5a3f121dc7090  SMASH_Fornite_Logs.rar
027ccb2e3874e05fbaf750b2253c4044100021741abc77f720804de4040fe3a3  sdhong_exe.rar
acc5c5092e3f7f7967f1827434e4c738e867e476c9e4ea8afc18e1e680346cc6  sdhong_bat.rar
59e91a86f54103fb2f9a939d103dce5a9336e326b3b69c23d71ab6f00965e11d  test1.rar
225ebf984b6d076d36f793c3026e01bcaf7befd8d147a3f56d0f29638fa80c8c  test1.rar
e3bc0eac10715871ade157888b9488de9bd2e2f4c31d63ff07b40f8556195e0e  test.rar
4a43bf2bcd92831a73ba524aee4d5a7c598cb23d119360007238d7d7dc9286e9  lGP6OzvF9o.rar

2019-03-30:
b51dcb4b9a6906a4cb26e1992392659e7d76e60fb57f62c312ff60d73ccaa4f3  Vajyx03oWJ.rar
b2f7da4f0a3a31ef8e4d786371e3a0f496d872a4f811de9cfeeefcae802a21af  achil.zip

2019-03-29:
c8c2b5651246fb9fbfb06ce1acf060572eb2f148a423c15eac06c317a06a39ab  report.rar
35f9ec9a75d712ed471f1643eb7e44524aa7e9cd23439451ceecf7e39dda53e9  daxong.zip
06b6b67db19230d2f8459bd1530181efa619ec75e0632e478252b66dbe0f95ba  datapack.rar 
cd4c28e283ccb4a57a5451e4782aa62326577949227ebb32337d0b901d69ba7f  ddd.rar 
c448dd7896f0e9b103e340af14625c92f4b5585dbb0ab711131308a7554db42f  evil.rar 
733b9b3e17dc53566a4bfbb24745173bc0d2bfc67cd2d15b2ab9bc32888d1c2d  rar.rar 

2019-03-28:
86d3ea6435533e2e3e0c1cb5660d2cb93ae55d137a10a99e1f44ca6d6fa04851  DanhSachThi.rar
a942c5c780363a2f831d2ca955f5dce6ecffa5673fd474fdb75039edc8f8d25e  JRlK9cIH8o (1).rar 
d18a2651171304e58d3cc604a7df013a6b72f23ad431bb4b838e6055797c7206  test_4.rar
58736c33eb329cb90239443b473c4d23190f68d6e1592bcf13e9484a8f82dc7c  test.rar 
a108a405bef3fdfe743351aa8a08922927b1c51fee2ba0931ff8229e0695daf0  I_AM_NOT_EVLL.rar
e382ed835ac43ea87a206ec17b6501aa06aa0d10681804e098c7cf93cd8f4baf  test2.rar
deab281b10cb21c76473e40a0ca5966ec96f24f1751335c66db7268172ae9158  test3.rar
82fe925d93d29fb9f8b8ca6886739cdabea8f1bf17061d874c918daa4663eb16  My_Research.rar 
4c9c7620cf9acdca26b4d1f8f8852cab7da93c1d381d75b39baf352ed69efbf7  syLW8QHZPK.rar
ac66c6bd2574cb0e4332d0e08a9be7bb012a810a9227938550b79143167de9b4  test.rar

2019-03-27:
6e4f0282b212ed39ec61005aa7dd305b645faf6ca85f89d89fe2d389d1d54086  06156cbf6799707479b718c6218b4e48 
7657e5168e2f400555560f3731e3903d780769f606a9d81a33e14c07c098aaf7  997288e1c75672fa47a35ee63dc4d55e 
6f91222109c8556876612c82bfcb50d8a4ee66501e63dc392343e021dd7e563c  zakon.rar 
467eba84ab6487297d9c0eba2fa28394bd155a089766d8f1f293b0d54741cb9f  AmK5lQUwYW.rar 
3542f78cdda1aff5c01f0a0b47e20f838e7efcac8a1b0c717821c109579e559e  AwOzLs18iq.rar 
bf626d4896d41b96dcd31caa5a871b8ef1037cf062893cc4a494cd7913272e62  z304q2dDfa.rar 
14d25fd72ac40b4559170d9afc2aeb7211b90f19449f2263d74984134110f066  WE4cIb98Gk.rar 
c458060d2e3a413a6070d52562c39c30ba21f192e8e63de8ab18f38d568e9993  6370a37eeb96ebf1925f0c9beb6f2dd4 
610c8dd293ce7fda9292d6c0235893e1f46b5662c338cb2c3aa23eef168e527d  ea2a03c56e65efaabca40d33d3650c58 
020ded0f19bd07105e2a41c602a723090f7ccd042c13828d95e979eb53b96d75  90de5d4238f1c265b522098a1db8133d 
c83c6dc9193fee8d516bc322cef5fb9b0cad8b3783b37d13a23d874c50572fe6  c66d2ef2fb6c0bfbda9600566a2f840c 
9c120860efe6bc880e510ba831b6b7cb0e298455e6a7757117412b9e98c49407  64ba3d8215b85eb6d7477b01d60fc984 
14ac4183cc29f6446f5373e0f9c5800e26f606cec8e0eeed45767fd79604da6f  Q7DhO0Uqnm.rar 

2019-03-26:
df1967fac24a0aca82010a325d479270b1216734250db1db874c15a91513ff59  phk6rDSze0.rar
e66e3804a15618320fde2ec92827cef7a46d98618b6ad7be4dad930419d97f25  test.rar

2019-03-25:
8c1d4e2f91e307f34d292d1a59adb8d341a2f93716ff2d4361cd7a9ec29137dd  nr9SC6i4ps.rar 
45cab038a6c861514a567055b1552894acf56cbbf47b20cd5159706692d6e12c  bvyTcUQNsY.rar
27ad9b1ff8ca1a2eba818dde24e06a48bc6248d172c525f220aed2f31ccae0ae  c23fffec565170e79125091d59e283f6 
76da78a3cbee48ea9aa5d5663687622861d9c141574f0ab242957bdc44b8c6d8  winrar exploit.rar 
60b981c1a1d38d486eb6e54742e5c9704290f1a3bd0da70d30c1324137b0abba  XeaHVp1NCi.rar
aa8747fe59b43de56383b20a23b1dbe2914a7f560b82f5edbb8d17507ef4602b  M2pbCoZawU.rar 

2019-03-24:
b3d86ed29b3e0feef07e2f762ccc4c9f6bf5b9ecb9137cf02cbb6bc33158c3b7  ugLY9UhqI6.rar
edcba833e3faf58b7b5a178d068cba903eb7ca44206a1c9e0109c3214e28850f  91c817392cf8862bffec064c8912f121 
503fab31f76d22113a2006324c88a8e0d1f63e431a2d2ceaf31ed92838d20e74  7b0fb7dd80a5d58afc7cff5f167f178b 
703b105cfd970cef214e4f36b707eb67596c72aae2fa4b8272c25e7f14e31123  20fD6FuBWY.rar
ff0fb47cd32d7045207a869d63fa7c013364b5202e65a017fd914bf9babed93b  fE9phg70lb.rar 
059b3154cda5e458ce92b90c74b6ec10c3789ab8d1564a8e8354bc9d430f7938  ys75HqrMbl.rar
89dbc826fed3848b6f25a3dfed50036064d06be18be8a692fac59864691ebd0c  zeyR9BI4MG.rar 
2b324d64eb77bd1554e8e550943d95ae8afe8b424d7878c15a598f8e0834d402  sfpFzY50Bo.rar 
c294b055a191f6b4b1425f4f00a7f5d7389cc0df4f068b706e2ac95b532b0cce  NKwH9aYFGU.rar 
58217ce256cce73059be45771ddb460cda8fd7fc9ae1d0306b74fa5a13cf11c6  sLmn74wakh.rar 
6fb4bc77f568b9182faa9827e65fcd51f9b24a076783a5691dab6c1e48255a82  lPBXofQik2.rar 
564fa3c56b87767ba382f9a100e49ed5b38b1300990045bd26901162b3db3057  dUnM9lqj4P.rar 
ea56ae6ee590221cb110adddd2e39f19a6d6ab5c3bb993f53ba73810d0919fcc  lXfJEzRLrm.rar 
3284da5cdda9c514eaa792aa3f41294429e65e4c999d9d8c1a26467aeac61e11  eynMH2qhAN.rar 
265bf177263fddb83f87a4b8d54748631a66cd9ec8b1027be1ab2291cc10a37a  YZzxe8mLwK.rar 
54d272505792540732566e4ce8ebc4c1eed72341daa75328638092941c1df984  ZELGDBySdc.rar
0b989b8b7a550cb1f0ec990837a657a2282f2495894e8fdd7bae0dc0e642b3b1  VM3vPbkeJD.rar 
4f8cb67caec562ae26cb7da09a86af3b401fa848fa8f52413911ab75a795ea3d  Y95EWfXCPs.rar 
7eb95ccf9ac39a5bde7302d5d4281e2fde22c43b8e25229a784bb7a6e2f33c9d  T74bBaKxoA.rar 
64aaf0cf3145960ae60602c46b01bd43760d34e279cb2d8139811526076565cd  QaeuJHW8qd.rar 
1d0b7ade51ddf24de2500c227bf35daef1fb4e41a9f870c6e864aa32936fb7a3  Rr9c06C2Hv.rar 
7b1690b7690d9434d899875801101af6992e631a8d14a10c91e3662a6a657dd0  KhY5jNJicp.rar
1ad112b317739f5e2e43c1886f559559af192681c9699d7967dfb0ae6afb9bba  O7yRelVxYo.rar 
b5b45d108faec5b995c14263777fe08e6ee2482f931ec2f3a367a9d8ef55b7a7  M4sIJDpR10.rar
87b1b58a331363be2b887c1f093986af654be461e85ee2c361c49e37e899dcb9  G8yutIpQfA.rar
fc80ddda3aba8cd790836b705e008b5f1d7e3fed7a9355954cdf889f6f962492  LUeRb0aVQW.rar
be37c6d23d68df969baaafa0f25bf93af3865fc62e9fa98117e44dc21f440b8d  IqK8iGnpcN.rar 
fbdc41b728d86130b1b32fe79592a2de9f1d0f60b4e37a1a7e14c56205595cb0  GD1nmXWfVF.rar 
d489abe38a0788264074dc3bf5279ef1f605f72c7a0f1ee86365dd1ed6d216b3  JIiPza94nU.rar 
84389e682fbbc18a2ad7045fc60931a0d4a87da2efb93e4720b4b7f3319a7f05  HMs7gPhG3B.rar
67dcf0d71e39f8744fecd5cd2faaa23cc677a466df80ecf13d08672eb6dee9d5  HR8YQhcMjU.rar 
39e91a8cb5fb5dbc6c34342b7b6aeb723dae73da1fc1370dab765380378e3f6e  Cyd6AhfPBU.rar
f184e5a57401c85816c5b14f0fa351b44f207bca848a534c02e7eaf2bfeca67e  FyldYVvA3m.rar 
ff0fb47cd32d7045207a869d63fa7c013364b5202e65a017fd914bf9babed93b  DkZyp8dBag.rar 
a9b6281855248a58968fa96c1f3c9c1ca9df033ce2493d18052a1e252ebb0d72  Eow04ZmbU5.rar 
ca33cc899582d3dd871e5c3345abcc052fab0d355954b09945c8eb3fd6d71c80  9iS3FK6rsh.rar 
6073cd21e62ecc3152bad6965fae7ea7cdd354f1d0c1f884486af53895f88c64  7euTgdYwJo.rar
cdadb71e85a9d62c5005889f5b1f866651be4f92bc1342860538eb86b622e708  1n9aXkpWum.rar 
a4ec20120bfe52e654bbe31d7f5590933740b2f0692f017e8ade2be4f9b29a5e  5FQxWm0Sjy.rar 
0a3c5e245d2d418d49c65aa881edadf0fbc00552a463ac543338eac2f1419846  4Ci3sGPQ9h.rar 
a3698cd58c8f020ffd07b6da6c99547f585e9933a63f8fa85942249060eca92d  0Ql2IAFdno.rar 
bad5108e6ac5a7e289bf5b65e2de134ec048d72d65bf205112ab3434cce45b79  0WpLIPlSnx.rar 
14e0f7db37ee52865553a46336a948f79143113e43285210cfbcd19ab5fa02a8  .
004c47495ee67c0cd2f2df94e80adfb213a00aae041785a0e3241d125295ccca  Aimcheat_pro_cracked.rar 
129a95659284a9269bbf9141e54c8480c042d901d447a6f3e9f8cbc5b771ce5d  SynapseX.rar 

2019-03-23:
4169c7c4513abf34a1b786838352cd5701da10b9333ca4e4ad63283a893326fa  4OMHFhqEnv.rar 
7c82abfc769d3bf30342082277c1d616df02e2c28f9460f11462aaff31bb83bd  .
99d71d6d1fdd2621171f396ae5d1c7029a5ac5e9a4cd153c87a04b14da716774  26ab405cbc5b3afe48a08c06920e4d91 

2019-03-22:
2c9152574698f2b51ec6be0ca52c5b4d3017bfed4004c8fddbe46b4e90c364a9  =?UTF-8?B?0YHQu9C40LI=?=
ccb1fc37ae7b0f3c40c8f5169e625645996c64f21cfd0dd0a02eb965354052f2  np++.rar 
5f7d2ec922d58400c2d4a5934f1c009988297f770ee8bd402cf90c316db80009  khalifa.rar 
0387349a884258b521ab239aa8d66832f61998276f07d928cddd6bcbc1cf6235  Заявка на просчет .rar 
5b5eb8e40c30150117d7db4fa930682fe5ff5c25de05b320d99fa9cb219f6ef8  test.rar
d1155418b59ee1b40010c299e70b63ab60c49737491f640bc8a7cd984b84aaa8  test.rar 
5324c8cef6ee97a794abfc07cb3d2ffa491846fdb3b911915ea0d441347bd493  Abaza_Arsiv.rar 

2019-03-21:
b5a84e8079dc8558d3960d711d8591500b69cf79e750ecaf88919e398c59383f  denuncias.rar 
db641a1873f686df281d83677d06f93964f695f287d36dd92ee1e5318bbb92d7  YZSZXC.rar
642771ffe93bc5d74343a73244b28ef183a4edf03fc50ac69c85474d537d33be  data2.rar 
5ceac7a8eaf9b0ee57aeb4bb357e73ae0266f4cb094fff4b0c37491b58afa29b  test.rar 
377d7a436bcebddcc57e8e02185e137980c5231b3c66a9792f65c7a56a44704e  acefile3.rar 
ba80418e505cc92f63a923f699b52376e7707715caec2eb5bb63790cb96a0dcc  evil (4).rar 
f1fb063ed4d468cafca3b628c3842563c0ee7107a083655277e764f01eecea41  f1fb063ed4d468cafca3b628c3842563c0ee7107a083655277e764f01eecea41 

2019-03-20:
12f15634023aa7dd243570eb39a2d208e5066f1460fba5c8d1bc2ce7c7b3cc46  memes.rar 
e63448fb4d3ac86efc7b2b9a72f4fafb29274228f4329d9cf1ae16597ccabe1f  test.rar

funny 54d272505792540732566e4ce8ebc4c1eed72341daa75328638092941c1df984 contain atm malware.

[Antelox]

Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability

https://www.microsoft.com/security/blog ... erability/

BR,

Antelox

[Xylitol]

April:

Code: Select all

---------- MATCH: CVE_2018_20250 : AceArchive UNACEV2_DLL_EXP

2019-04-01:
6dffbbe53b14d9e9ef3b758a93244d268edb370f26b11434af0930e7ea0a98b1  test.rar
57511133930b64392eb093612c0fb707b37a7c8f9ea7f629ce138fa6eeb71911  file.rar 
a9e94c9d13c3aa6fb9ed9deddbf2007b43c07b68e951b4c38c10dad63bdac447  evil.rar 
82ba11bbf95824e5589e2184d57c90b273b8a15f3eff8b66e3d53f2529e83336  file.rar
8c0ec892901fe1c7527fefc6d283bdc3d48f2142f0d19585292c0024294871dd  file.rar 
60ad8ce6c7fa41da2bd3ac4f18857479918f47b5093bc543b1cdbcb5c91a8ea8  file.rar 

2019-04-03:
b68c3fb13242211b8602b55507e8dd9558ceca682b6b6074c905454423f10466  =?UTF-8?B?0YTQsNC50LvRiy5yYXI=?= 

2019-04-05:
842612d1afdf78cb8893018f3aeeec7df9f5f0ab245fe8e6d6b28519d0787937  rnbo.rar
c242b79b4da158d7589eec487063b8709f0b63bedd830af654ad5bf2e4164f3d  oR0jUbsMFQ.rar
fe5a1425e7efc281f4e9c8553692dcaa3e2d61168c6796b0820166e4583a303d  archive.rar 
9d41a6e67b6a4733e0eac3e30807b1dcfb176e560e6daf286a35187682b69f0c  ndxhImEAKg.rar 

2019-04-06:
4185e8ffc4a6acd639f8ec3157f3f0f5608f271597fd02b513b5e7abcbaa2833  hiddenvnc.rar
1641545efc299427e1d6f5cf1152a988ab6070737b6a730c5270685479bb2804  file.rar 
345a5860d2b369e79c47fa64228890eb95d1fea42300e194574eb223235b28bc  dttcodexgigas.c753b97880a6f5b442a9e9570b71b97af9cdbba7 
5902d573c3190696b24875a82336b9fe8e29aa5679e4fbdd8aa7a18fa38c9313  dttcodexgigas.610b9b035abd7908dcb304a648ac555febe92eea
f28f7e2b7d5fb09da6795a9f9bd439efef6d748a2b07e02be90e58236d0941e8  z.rar 
fef9e92f8391098897ad01baca2ce71fae5e686df649d350ee0cea88c4dd6360  54d20f214896c02b4078b8a92d2fc0ed 
9b4acb53e28fa06a2bd8b8b71eaec707de7141d2b3acb1aa5e56c5b0bf96db79  Reservation.rar 

2019-04-07:
d420529cad00f94b303a541ad80347e6cbb2012b2ab8fd859f0d3865834262ac  playerbot.rar 
64b813b0b54b5c7808b3945c2f9fde6f032a8858e8170c07bb699480998a3efa  test.rar 
58b6b0b5a9ca932c41ce8c76db1e128bc9aa408958c424b2f1437a26e3d8ba31  test.rar
a1222a39135e7238705d357669060cd54c77e622f1098edf5e48b51b2139ce85  test.rar
2e659edbabc842a7e856d03f994a592c664299a10daa03bf208d348dfc205ae0  test.rar
c473d312cbed53cdc555b870928881b2a8e918d39c54c20a029de75a7f425c91  AllSocksVip72.rar 

2019-04-08:
edd6bebd70cc22f506e7450fc796110669e4329485b1248a2bf9c54d3ea696ca  files.rar 
39a469397a0ee0c8cb058eb0f4209ab6d93345976595f089329130bcb8b837fb  traff.rar

2019-04-09:
75e24e548b7a026e3255633758145398f15b7b4a98d242f6d98139c4de35a494  evil2.rar 

019-04-10:
f1ee7669099a145bf3c67c750ffcd874d0668f665c9937390f21413d8333b824  test.rar

2019-04-11:
7e8e21997dff3eb303da018070dd92774c953d03f16bcabca9c80db2fa4f472d  evil.rar
4cb0b2d9a4275d7e7f532f52c1b6ba2bd228a7b50735b0a644d2ecae96263352  44912475958D7D3323633836FE62D41C.ace

2019-04-12:
1fc9573cc37238db3f2d05e04a04cea86099d893e62e299634bc867b414d53b4  test.ace.rar 

2019-04-13:
92f05a480bef68f60c5032128569c40a0178e39dd545794ae8e7235d746f196b  e0b0b0b4a404ef774d7f6bdd17125b48 

2019-04-15:
e24aac6a1a6892efe6a674365c0577dbc6d809e89c21e73b82118d9a87c522d1  Skins.rar

2019-04-16:
443e35089748fa1e8f1963bea84682146f7d3db9bb764b8a8d9ab973ccbb84fb  Priglashenie.rar
456ac82d39702784a68a298133368f23cf558f5f5db35cd2cdc037acf1888bba  evil.rar
1b19a7318feea8e7f7fbdf96c5c05b08930eca94a700df436f9ca9d9cd8ae98f  MY_LOVE.rar 
addc42d2e77107f591f47df3dd54b5c90e53cd7f0a4e27c00b2380290e1eb742  hackergirl-test.rar 
6fc548785ade562c67e0afd3017217989265bbd941631314c3e36029cb2ca81f  evil.rar 

2019-04-17:
15667274ab0d29df83482ff087a272cfe7b2820425ad65549bc566ebd80f69db  пароли.rar 
71a9b3200b56d9d399b4ce3f29586e3bbec962d6454ae3cf76b3827f551c8496  Gtfobae_sliv.rar 

2019-04-18:
91276a7482f8992e2e58cf1b992fbce2d8a0d441aab64a41c96e23a30c3f14ce  nowvirus.rar 

2019-04-19:
f984e443aa45451c6585dfa449972a6dcae78b34c6bf4f30908ae96ac401d0dd  BagNew.rar 

2019-04-21:
7e15bbcebbd0f9612a7eabc55b7c71b74cce30e21318668563d05de735c7ca8d  c7483bcf2dc90b46614c6806ea426cc7 

2019-04-22:
f3b8b0e904da26c905985b358f51ee7a4dbc1a07b0f4770f3d227179d7d43dde  sZdqKapJmt.rar

2019-04-23:
d28632c14683e093fd7ac0bcc1ffc2c79b229da6495c88239d62eeada4b62837  test.rar
b1c6eed45b907c77041ed3a3fc4fbc299b0085060c383979b880c192c44ca623  b2158dff383f715e2ae2646e2eef8eed 
921e9b25c2f2b50bf367281046696d3949770c38cc34e59b9b95819d360aea02  yahoo(10).rar 
5ff4aa09fefd75ada06811b78c3b858d28b9f637340ac528f48e26017c1e48ef  DBCBruter-v1.0.1-by-xRectify.rar

2019-04-24:
ee24a219fddbfe80399782e00388346e86d6898c13cd56ba4af72ff6db3c1288  CS-GO-MULTIHACK-V1.8.rar 

2019-04-25:
63f5f8d6cd6b12ea6e09cd49e748395ff192ab9523982e9760d7691dfe19123c  aa.rar 
c4017c813a8641dca1addbcb08173efd8880ea281ec76f50356201a82028c46b  msf.ace

2019-04-26:
28621f1e3060009d6baa3ea856bdda01a2f4afe9c6884ed6e9d4ecd00f43bc18  De-cuong-luat-an-ninh-mang.rar 

2019-04-27:
db9eabe13a2cb267f9a38084bb5ae9a114ed5f3ec7be0c9716e26ff177c5548a  ZxGYQUbfk1.rar

2019-04-28:
486d7793b01879597757b4ac56ad898935bdd4eb5c01a4bb0463e1adf4eef75a  evil.rar
2b4e46c7447830a91dc89379b8d2443990fb483b19444e1e3c6aa33b89ff255d  new project.rar 

2019-04-29:
557077003bcde3ef23d2202f231b0c9c29fab0a3fcd797531ddde99179103621  omar-alhaddochi-2019.rar
40d95bd3d0867435a7bb71501a30366708805b97ac93f112dd0fcbe6d97a6b32  jVTy1PORCX.rar

[Xylitol]

Mai:

Code: Select all

---------- MATCH: CVE_2018_20250 : AceArchive UNACEV2_DLL_EXP

2019-05-01:
9148d0c4bf8b4359cfe403bf3b2aa87a8f32bce80d0b31dcff164619fdad2cee  free_pictures.ace 

2019-05-02:
15d830d84a6d9f2b04c563a43e90f1bd01a6a175ffdf396ea854d1c7c56c5f6c  test.rar
824ad4f2f36a8267b9c7a86b1ad825041539806d23b8a87662c04ceab8aea8e1  m2bfIpZ45L.rar 

2019-05-03:
c05143b910a813b0c3c778c6a5f68181a9779cacb6cee5683ddee6d66298f926  Fortnite Hack Tool (1).rar 
80cd9ff2284e83ec9a838e6ab667c1fd5b2e166693a30dfa20c4e3b596f130e7  fuck.rar 

2019-05-05:
228063ffd3fefd87244412fd3dcd59aa0c8ace179b1c4edb1bf9bfe304501b48  p0c.rar 
53d1756edfffa3ebdcafc4ababb4844111ffd1a772fba87b283e509bf88279a0  p0c.rar 
8d8dd62c7f3a3f604d8dc38677c6ccff8d44e129608421ce2db5039f72b0fc1e  =?UTF-8?B?5pyJ5ZCO6Zeo55qELnJhcg==?= 
d6d0b52ae83f9b7c4a55c370d3ed12b1687fadac8cc698dbd2c96f0bb9dd7d9b  test.exe 
d7d9080c5bcc4a227e908c9604d7130656d43def1b1e3d0860236b44fa94f251  msf.ace 
f784cb4c444138ab187f62fd15997981612ea1e109c5079be31f649cd0195d4f  OLjUHIekiu.rar 

2019-05-06:
924cc5ffb65b5db5d01cd32c48d02032cd54cc6e9b770caa1f7af7278a804a79  test.rar 
e53e7e19846d0b62fdb97e633a6da7f2f5a53200ed8403e27249ed78a01bb439  mRc3TsSuI1.rar 
 
2019-05-07:
0ea97e612cf8af9f4eb64fffb1a0ff6f671adbf3ef04e42becaf30d268a4ef37  fsdfsdf.rar
b7eebb795ee41bd32191b1600653fb2da64c4c31f3cad453fa4d9eb30326acfb  ExpressVpn.rar 
be043fcd5fb3ae98be9ec32d3d245ff5c043314228202ccd4b3f6ef54722cef3  qgixmaXk3Z.rar 

2019-05-08:
ad525fc211b6e7ec092c5d5388fd1dae140ab8d2882d9873c16e301c4067f091  Rohales.rar 
8f53fa517797f09757a77998215aebb80343d7ced3ac0bbd66fa4b54c67e522f  dasdadas.rar 
1951ba222fed14cfdf4954e9e4c34baed60916f2c1fa0ec775a77a96e3b65219  test.rar

2019-05-09:
bbc3003f3109e901563433d980829f239568967caf4dd49e6eb7bf34ed9991d1  test.rar
2f5d22cc988dba250c03eedcc5d7ee0ae3bf5d2a9b32398dcb05f54736ed3460  test.rar 
af6cfe2e06ab7641619095a3c19df05975833de45bacfb13019b8e229bdb352f  test.lzh
7516b507596c9e1cc9927dfc328fbba4a49aa49e183e4ab067e14633c789ce42  test.rar 
457e0dae575436e70e795bf4009bd6790eb670ea8c12b6e9ee1e9751f4d315e0  invoice.rar 
74733a14164513a7065756d3f650db76ce2385073bd52a058fe0a0e165cc27ae  invoice.lzh 
67ddef1201b76def3c408e35526157b4c4558f8cf7901b5a90bf6b0396bbbfe9  4c4c7aa5dda386a2528723b6a79456f8 

2019-05-12:
591c3fb722937fb06a5231d34450fad7c0669addbcb2f8a018239c5b044904b7  DhEBAGWvzx.rar

2019-05-14:
144db1837b71df6fca34b82d898bd303dfb9028771f075bd0766ec5021133890  msf.ace

2019-05-15:
e22ede1f62cc33693a75cc71e2265641f95cb9780e22ca893461f952828ec9ed  msf.ace
6ab94540b9b70b1d5ca9aa957d420bffed1ce3b8cdd987fd90d1b55b5fd74c00  Zapros.ace 
6ce3a4593d89b83e0fcc2e38e6110f6b335b6d87c0704e424ea8a1ca1ab1d12b  test123.rar 

2019-05-18:
102cc7af0179d1bd8c271795d0812e13c841d14029156044932f305d8b7d6a7e  pedro.rar 

2019-05-19:
cd18bfe9382cbdb214528b29f1276ef964a9ca7a8d005715e6a54c715f675bd4  fr.ace 

2019-05-21:
24fa65f09b8c695d4d9820073ae411cde4080531a6046201ba1a4110ba7ceafc  test.rar 

2019-05-22:
ea9705b516bce5dab7ef574d78553fc25e7b0fd21922ec37c5aff2d660f55fd6  =?UTF-8?B?0LfQsNC00LDQvdC40LUucmFy?= 

2019-05-23:
6f37bd802f98ccae8a5450b23a63cd49939f69e3d80d1ea27ce49613426683f7  217c91fa315ec3013c5ecabcb3c2bcb1 
56ed7631cad94d0a98691d7c671ccdcbb944401054decf24047f559dd9deaac0  test.rar

2019-05-25:
dbf2c092cd89f722bb42a70f3592372532bad554a8c0ef71968e69d779dc2e7a  af5a24aad86135b978686192ecf974e0 

2019-05-26:
7c6ccaf8c9a7dbf4d3cd8b838c68d8558c3ee015d7724994cbe15ab583eaf297  evil.rar 
f4e05da568d7fa35b44f1ee70bbe73e2d6c2ea36ec0203334d8231b812a1461c  VID-2019037 Torrent.rar

2019-05-27:
fee41bdeb08e33e8907dfd2a8b76f33e3af67477691b0d55121a6ac1198f4121  wm.rar
ce06dc8cbb681abbae2cfa1667487bc8de3f044adf12921e910d7a8fcfc61131  ccleaner.ace 
6eadae16e0f26fb2c9faf227df994d37c556662fd527a748670a47125a20e665  Crack.rar 

2019-05-29:
e962ecb435021ef3de2d55c306350ef5b3b3f025a91ef5b7b4721ccbbd303d01  evil (2).rar 	
95ead1427fc7b4abe3f298eee0bb0a372d14612887bc077687cdb0b38344f1f0  password.rar 
755859c5fc74915a5679d7aaae95c0edf5c21b29e34cc2cd7f32ca046789b8c2  Oso.rar

2019-05-31:
151c1a4847c5674215658268fcfc532501cd92d9f248d4da4a39b03e8ff208d9  rar.rar

[Xylitol]

June:

Code: Select all

---------- MATCH: CVE_2018_20250 : AceArchive UNACEV2_DLL_EXP

2019-06-07:
b8658321126d00b76d2058f02587ffec4595ef991096f98c0f5c204db0446edc  test.rar

2019-06-11:
16b20a2af04db85f5845ba09ea4d2a7e01506417976f10b87d50df06fb7ebc0c  =?UTF-8?B?7L2U7J2464yA67CV7KCV67O0LnJhcg==?= 
c3b1ba9dca6eadc9ffbcc333e64a8c09a7e860a6848725e6479209f896a4bd7b  файлы.rar

2019-06-14:
c538c589527d3a17ea284d7df4d26af75493a839031dded53730894a0a04f17a  test.rar 

2019-06-19:
bcc30868d1f55a770f799776170445cbc53871df87551ed1a6081ae573d327bc  test.rar 
bd5e49fdb6e5cc49bad85a3cd325d4948d0b290771d31406d93f5a760a8be975  evil.rar 

2019-06-20:
d2fd0491accbde0472a237d9d9b20a17dec9186d7d05ac605755ba24bc76653c  Documentes.rar 

2019-06-21:
b23676f5f91e40e5ad2bbc36fc4241b6e23dd882143af8059ecf89e7740d15f6  test.rar

2019-06-24:
a54ba049f49162591dd27ed499eea424ee8223efe1c40ae3650124f20cd47ed8  test1.rar 

2019-06-26:
842ec5e359ebb245adfac1ee4fb679b9af75d8f72b6f951238f945ac2de924b7  test.rar 

2019-06-28:
560012408a7f51c84f21f135691d7ccd271624e34df2d45c065c7e45f42092f2  pentest.rar 

2019-06-30:
3653bd614b48aee9e97c556e879e5978a5878c1c5a7d80704d10b0fb624042d2  evil.rar 
401b24d1a50117f35d9dfabef621e4925bee5e58f53b2ad121f6fa30133d6a6c  album.ace

look's no more used now