Collaborate Disseminate
Posted by Ratnesh Pandey, Alex Holland and Toby Gray. In June 2019, Microsoft issued warnings about a phishing campaign delivering a new variant of the FlawedAmmyy remote access Trojan (RAT), and a spike in the exploitation of CVE-2017-11882&… Continue reading Protect Before You Detect: FlawedAmmyy and the Case for Isolation
A bit of a complicated and difficult to follow malware campaign this afternoon. It all starts with a typical malspam email pretending to be a new order with a word doc attachment. This involves various Microsoft Equation editor exploits in the chain. … Continue reading More Formbook via complicated download chain
Another Formbook campaign this morning using a somewhat complicated and devious chain to get on the victim’s computer. It all starts with a very basic & simple email that pretends to be an order but contains what appear to be a set of previou… Continue reading Formbook from fake order via complicated chain using multiple equation editor exploits
A bit of a change with the Formbook malware delivery system today. An email with the subject of “Re: Payment Update” pretending to come from “Silvia.Rey@rotork.com” with a malicious word RTF doc attachment delivers Formbook. T… Continue reading Formbook delivered via “new” RTF exploit
An email with the subject of ” ENQUIRY NO-64743″ pretending to come from “isaac_w@highgatelimited.com” with a malicious word doc attachment eventually delivers some sort of malware that looks like a keylogger or password ste… Continue reading Fake ” ENQUIRY NO-64743″ malspam using multiple exploits delivers malware.
A Remote Administration Tool (RAT) is delivered via an unusual route: a benign-looking Microsoft Word document with an ulterior motive.
Categories:
Exploits
Threat analysis
Tags: CVE-2017-0199CVE-2017-8759exploitsratWord exploits
(Read more…. Continue reading Decoy Microsoft Word document delivers malware through a RAT
An email with the subject of Fwd: BL copy coming from pedro.estaba@cindu.com.ve with a malicious word doc attachment delivers malware using the RTF exploit CVE-2017-0199. The word doc is actually a RTF doc. It is highly likely that recipients will get a similar email with different senders and email body content, imitating … Continue reading → Continue reading Fwd: BL copy malspam uses RTF exploit CVE-2017-0199 to deliver malware
The bad guys are using old tricks to hide very modern nasty surprises in Word documents. We take a look at how they’re doing that Continue reading SophosLabs analysis: why the surge in Word docs hiding ransomware?
The normal lifecycle of an Office exploit can take months – what makes this latest Word exploit different? Continue reading Word exploits weaponised in quick time
Another fake eFax email that I never got round to dealing with yesterday. subject of eFax message from “116 – 921 – 1271 ” – 5 page(s) pretending to come from eFax Inc <noreply@efax.com> with a zip attachment containing a malicious word doc They are using email addresses and subjects that will … Continue reading → Continue reading Another fake eFax email delivers malware via ole rtf exploit