Azorult via fake inquiry email using Microsoft Office Equation Editor exploits

Another malware campaign using malformed  RTF files involving Microsoft Office Equation Editor exploits to extract or drop a zip file from an embedded ole object containing  the payload and an “innocent” lure doc to be displayed. Today it looks like CVE-2017-8570. The payload is Azorult. This is quite an involved, devious chain of delivery which after opening the word doc ( RTF) attachment to the email it very quickly partially opens & then immediately closes and  extracts the contents of a zip containing a Fake Word doc & the malware payload.  It then displays the fake word doc in place … Continue reading →

Article Link: