More Formbook via complicated download chain


A bit of a complicated and difficult-to-follow malware campaign this afternoon. It all starts with a typical malspam email pretending to be a new order with a Word doc attachment. This involves various Microsoft Equation Editor exploits in the chain: CVE-2017-11882 and probably CVE-2017-0199 or another embedded OLE exploit.

New quotation 2019.docx: Current VirusTotal detections | Anyrun

The Anyrun report shows some sort of login request to gg.gg, but I have no idea what or why. This malware doc calls out to http://gg.gg/invoice_doc, which is a short URL that goes to http://watchdogdns.duckdns.org/jae/invoice.doc

Anyway, next step …

Article Link: https://myonlinesecurity.co.uk/more-formbook-via-complicated-download-chain/