A quick post detailing another Formbook campaign with what looks like a few changes. Recently the criminals distributing this malware have been using .exe files inside various forms of archive, including .iso, .ace, .rar and .zip. Frequently they use various Microsoft Office Equation Editor exploits to contact a remote site and download the payload. Very occasionally I have seen macros used. Today, they are still using the CVE-2017-11882 Equation Editor exploit in malformed RTF Word docs to deliver the malware. But the method has slightly changed, with a massive 2 MB Word doc that when opened only displays a couple of words and a …
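
A defender-side triage sketch for the kind of document described above, added here as an example and not taken from the original post: it reports how much of an RTF file is hex-encoded embedded object data and whether an Equation Editor object is referenced. The function names, the returned flags and the sample bytes are assumptions constructed for illustration.

```python
import re

EQUATION_PROGID = b"equation.3"  # ProgID of Microsoft Equation Editor 3.0, lower-cased
CONTROL_WORD = re.compile(rb"\\[A-Za-z]+-?\d* ?")
OBJDATA = re.compile(rb"\\objdata(?![A-Za-z])([^{}]*)")


def embedded_objects(rtf: bytes) -> list:
    """Hex-decode each \\objdata run, skipping whitespace and control words mixed into it."""
    blobs = []
    for match in OBJDATA.finditer(rtf):
        digits = re.sub(rb"[^0-9A-Fa-f]", b"", CONTROL_WORD.sub(b"", match.group(1)))
        digits = digits[: len(digits) - len(digits) % 2]  # drop a dangling nibble
        blobs.append(bytes.fromhex(digits.decode("ascii")))
    return blobs


def triage(rtf: bytes) -> dict:
    """Heuristic flags only: a hit means 'look closer', not 'malicious'."""
    hex_len = sum(len(m.group(1)) for m in OBJDATA.finditer(rtf))
    has_equation = b"\\objclass equation.3" in rtf.lower() or any(
        EQUATION_PROGID in blob.lower() for blob in embedded_objects(rtf)
    )
    return {
        # Loose prefix match, since the documents described are malformed RTF.
        "is_rtf": rtf.lstrip().startswith(b"{\\rt"),
        "size": len(rtf),
        # Share of the file that is hex-encoded object data rather than text.
        "embedded_ratio": round(hex_len / max(len(rtf), 1), 2),
        "equation_object": has_equation,
    }


def build_sample(padding: int = 2000) -> bytes:
    """Constructed, inert sample: two visible words and a zero-padded object blob."""
    blob = b"\x01\x05\x00\x00\x02\x00\x00\x00\x0b\x00\x00\x00Equation.3\x00" + bytes(padding)
    hexed = blob.hex().encode()
    lines = b"\r\n".join(hexed[i:i + 64] for i in range(0, len(hexed), 64))
    return b"{\\rtf1 Hello world{\\object\\objemb{\\*\\objdata " + lines + b"}}}"


if __name__ == "__main__":
    print(triage(build_sample()))
    print(triage(b"{\\rtf1\\ansi Hello world, this is a plain document.}"))
```

A high `embedded_ratio` together with `equation_object` matches the "large file, almost no visible text" pattern; legitimate documents with real equations can also set `equation_object`, so treat the result as a triage signal.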