Over the last week of so, there has been a bit of a change to the Trickbot delivery system. For quite a while they used the Microsoft Equation Editor Exploit CVE-2017-11882 in word docs to deliver the payload. Sometimes using 2 or 3 different exploits and badly documented features in word. Then in Early June 2018 they reverted to the more standard “auto-open” macro in word They started to experiment on Monday 25 June 2018 with using CVE-2018-8174 but because that is an Internet Explorer specific exploit, relying on that will drastically cut down the amount of available victims. After … Continue reading →
The post Slight changes to Trickbot delivery system appeared first on My Online Security.