Tuesday, November 7, 2017

[SANS ISC] Interesting VBA Dropper

I published the following diary on isc.sans.org: “Interesting VBA Dropper“.

Here is another sample that I found in my spam trap. The technique to infect the victim’s computer is interesting. I captured a mail with a malicious RTF document (SHA256: c247929d3f5c82247db9102d2dec28c27f73dc0824f8b386f92aad1a22fd8edd) that exploits the OLE2Link vulnerability (CVE-2017-0199). Once opened, the document fetches the following URL… [Read more]

[The post [SANS ISC] Interesting VBA Dropper has been first published on /dev/random]



from Xavier

No comments:

Post a Comment