More Formbook via complicated download chain


A somewhat complicated and difficult-to-follow malware campaign this afternoon. It all starts with a typical malspam email pretending to be a new order, with a Word doc attachment. This involves various Microsoft Equation Editor exploits in the chain. CVE-2017-11882 and probably CVE-2017-0199 or another embedded OLE exploit. New quotation 2019.docx Current VirusTotal detections: Anyrun | The Anyrun report shows some sort of login request to but I have no idea what or why. This malware doc calls out to which is a short URL that goes to Anyway next step …

