← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Microsoft Office Zero-Day CVE-2015-2424 Leveraged By Tsar Team
WHITE AlienVault 2015-07-16 Modified: 2019-10-24
6
IOCs
LOW VOLUME
Yesterday, Microsoft patched CVE-2015-2424, a vulnerability in Microsoft Office discovered by iSIGHT Partners while monitoring the Russian cyber espionage team we call Tsar Team. When we found the exploit it appeared to be under development and evidence suggests it was deployed in Georgia. Following discovery, we alerted our customers and began working with Microsoft through the responsible disclosure process.
sofacytsar teamsednitfancy bearapt28office0dayzerodaymicrosoft officeisightpartners
Indicators of Compromise (6)
All domain FileHash-MD5 CVE
TYPEINDICATORDESCRIPTIONCREATED
domain storsvc.org 2017-08-24
domain tabsync.net 2017-08-24
FileHash-MD5 112c64f7c07a959a1cbff6621850a4ad 2017-08-24
FileHash-MD5 dffb22a1a6a757443ab403d61e760f0c 2017-08-24
FileHash-MD5 2dfc90375a09459033d430d046216d22 2017-08-24
CVE CVE-2015-2424 2017-08-24
References (1)
↗ http://www.isightpartners.com/2015/07/microsoft-office-zero-day-cve-2015-2424-leveraged-by-tsar-team/