Protect Before You Detect: FlawedAmmyy and the Case for Isolation

Posted by Ratnesh Pandey, Alex Holland and Toby Gray. In June 2019, Microsoft issued warnings about a phishing campaign delivering a new variant of the FlawedAmmyy remote access Trojan (RAT), and a spike in the exploitation of CVE-2017-11882…

More Formbook via complicated download chain

A bit of a complicated and difficult to follow malware campaign this afternoon. It all starts with a typical malspam email pretending to be a new order with a word doc attachment. This involves various Microsoft Equation editor exploits in the chain. …

Formbook from fake order via complicated chain using multiple equation editor exploits

Another Formbook campaign this morning using a somewhat complicated and devious chain to get on the victim’s computer. It all starts with a very basic & simple email that pretends to be an order but contains what appear to be a set of previou…

Fake “ENQUIRY NO-64743” malspam using multiple exploits delivers malware.

An email with the subject of “ENQUIRY NO-64743” pretending to come from “isaac_w@highgatelimited.com” with a malicious word doc attachment eventually delivers some sort of malware that looks like a keylogger or password ste…

Decoy Microsoft Word document delivers malware through a RAT

A Remote Administration Tool (RAT) is delivered via an unusual route: a benign-looking Microsoft Word document with an ulterior motive.
Categories: Exploits, Threat analysis
Tags: CVE-2017-0199, CVE-2017-8759, exploits, rat, Word exploits

Fwd: BL copy malspam uses RTF exploit CVE-2017-0199 to deliver malware

An email with the subject of Fwd: BL copy coming from pedro.estaba@cindu.com.ve with a malicious word doc attachment delivers malware using the RTF exploit CVE-2017-0199. The word doc is actually an RTF doc. It is highly likely that recipients will get a similar email with different senders and email body content, imitating…

Another fake eFax email delivers malware via ole rtf exploit

Another fake eFax email that I never got round to dealing with yesterday. Subject of eFax message from “116 – 921 – 1271 ” – 5 page(s), pretending to come from eFax Inc <noreply@efax.com>, with a zip attachment containing a malicious word doc. They are using email addresses and subjects that will…