A bit of a complicated and difficult to follow malware campaign this afternoon. It all starts with a typical malspam email pretending to be a new order with a word doc attachment. This involves various Microsoft Equation editor exploits in the chain. CVE-2017-11882 and probably CVE-2017-0199 or another embedded ole exploit New quotation 2019.docx Current Virus total detections: Anyrun | The anyrun report shows some sort of login request to gg.gg but I have no idea what or why. This malware doc calls out to http://gg.gg/invoice_doc which is a short url that goes to http://watchdogdns.duckdns.org/jae/invoice.doc Anyway next step … Continue reading →
Article Link: https://myonlinesecurity.co.uk/more-formbook-via-complicated-download-chain/