{"uuid": "af519c05-707c-4e41-a17b-553c218d5a8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-5002", "type": "exploited", "source": "https://t.me/R0_Crew/654", "content": "CVE-2018-5002 - Adobe Flash Zero-Day Leveraged for Targeted Attack in Middle East\nhttps://www.icebrg.io/blog/adobe-flash-zero-day-targeted-attack\n\nCVE-2018-5002 \u2013 Analysis of the Second Wave of Flash Zero-day Exploit in 2018\nhttp://blogs.360.cn/blog/cve-2018-5002-en/\n\nSample for Flash 0 Day - CVE-2018-5002\n\n1. XLSX file with ActiveX Control to download 1st stage SWF\n2. 1st stage SWF downloads 2nd stage AES encrypted SWF\n3. 1st stage SWF decrypts and loads the 2nd stage SWF (0 day)\n\nhttps://www.virustotal.com/#/file/0b4f0d8d57fd1cb9b4408013aa7fe5986339ce66ad09c941e76626b5d872e0b5/details\n\nDecrypted SWF for CVE-2018-5002, the full hash is:\nf63a51e78116bebfa1780736d343c9eb\n\n#expdev #flash #darw1n", "creation_timestamp": "2018-06-26T20:00:58.000000Z"}