|
18465 | 18465 | "needs_cleanup": false,
|
18466 | 18466 | "actions": []
|
18467 | 18467 | },
|
| 18468 | + "auxiliary_fileformat/maldoc_in_pdf_polyglot": { |
| 18469 | + "name": "Maldoc in PDF Polyglot converter", |
| 18470 | + "fullname": "auxiliary/fileformat/maldoc_in_pdf_polyglot", |
| 18471 | + "aliases": [], |
| 18472 | + "rank": 300, |
| 18473 | + "disclosure_date": null, |
| 18474 | + "type": "auxiliary", |
| 18475 | + "author": [ |
| 18476 | + "mekhalleh (RAMELLA Sebastien)" |
| 18477 | + ], |
| 18478 | + "description": "A malicious MHT file created can be opened in Microsoft Word even though it has magic numbers and file\n structure of PDF.\n\n If the file has configured macro, by opening it in Microsoft Word, VBS runs and performs malicious behaviors.\n\n The attack does not bypass configured macro locks. And the malicious macros are also not executed when the\n file is opened in PDF readers or similar software.", |
| 18479 | + "references": [ |
| 18480 | + "URL-https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html", |
| 18481 | + "URL-https://socradar.io/maldoc-in-pdf-a-novel-method-to-distribute-malicious-macros/", |
| 18482 | + "URL-https://www.nospamproxy.de/en/maldoc-in-pdf-danger-from-word-files-hidden-in-pdfs/", |
| 18483 | + "URL-https://github.com/exa-offsec/maldoc_in_pdf_polyglot/tree/main/demo" |
| 18484 | + ], |
| 18485 | + "platform": "Windows", |
| 18486 | + "arch": "", |
| 18487 | + "rport": null, |
| 18488 | + "autofilter_ports": [], |
| 18489 | + "autofilter_services": [], |
| 18490 | + "targets": null, |
| 18491 | + "mod_time": "2025-06-04 12:33:22 +0000", |
| 18492 | + "path": "/modules/auxiliary/fileformat/maldoc_in_pdf_polyglot.rb", |
| 18493 | + "is_install_path": true, |
| 18494 | + "ref_name": "fileformat/maldoc_in_pdf_polyglot", |
| 18495 | + "check": false, |
| 18496 | + "post_auth": false, |
| 18497 | + "default_credential": false, |
| 18498 | + "notes": { |
| 18499 | + "Stability": [ |
| 18500 | + "crash-safe" |
| 18501 | + ], |
| 18502 | + "Reliability": [], |
| 18503 | + "SideEffects": [ |
| 18504 | + "artifacts-on-disk" |
| 18505 | + ] |
| 18506 | + }, |
| 18507 | + "session_types": false, |
| 18508 | + "needs_cleanup": false, |
| 18509 | + "actions": [] |
| 18510 | + }, |
18468 | 18511 | "auxiliary_fileformat/multidrop": {
|
18469 | 18512 | "name": "Windows SMB Multi Dropper",
|
18470 | 18513 | "fullname": "auxiliary/fileformat/multidrop",
|
|