Formbook via fake Urgent Enquiry email

Another Formbook malware campaign that didn’t seem to want to fire off properly in Anyrun initially. I am not sure if there genuinely is an issue with the file or whether the error message was a “red herring”. However, opening the exploit-laden Excel spreadsheet in the Anyrun app for a second time definitely worked. This involves one of the Microsoft Equation Editor exploits in the chain: CVE-2017-11882 or another embedded OLE exploit. I very much doubt this email did come from but since they do not appear to have SPF or any other form of authentication on their …
