
XLoader Info-stealer Distributed Using MS Equation Editor Vulnerability (CVE-2017-11882)

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :

An analysis describes the distribution of the XLoader info-stealer through phishing emails that exploit the MS Equation Editor vulnerability (CVE-2017-11882). The attack begins with a DOCX file that contains an RTF document; the RTF triggers the Equation Editor vulnerability and writes a VBE file to a temporary folder. This VBE file, built with HorusProtector, carries the final malware and creates registry keys so that it runs. The malware process then injects into RegAsm.exe and executes the XLoader info-stealer from there. The distribution method has evolved from standalone VBE files to Office documents with embedded exploits, which shows that unpatched environments remain at risk. Users are advised to update their Office products and to exercise caution when opening email attachments from unknown sources.
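The chain above (Equation Editor launch, a VBE dropped into a Temp folder, a Run key written by a script host, and RegAsm.exe started by that script host) can be matched step by step against endpoint telemetry. The following detection logic is an added example written for this page, not code from the report's authors or from the OpenCTI platform. The event records are constructed for illustration: their field names (`type`, `image`, `parent`, `pid`, `path`, `key`) are an assumed schema, and the file names and registry value name are made up. Real-world note encoded in the sample: EQNEDT32.EXE is started through DCOM, so its parent is usually svchost.exe rather than WINWORD.EXE, which is why the rule keys on the Equation Editor image itself rather than on an Office parent.

```python
"""Detect the XLoader delivery chain (CVE-2017-11882 -> VBE in Temp -> Run key -> RegAsm.exe)
over a list of process / file / registry events. Added example; schema and sample data are assumed."""
import os

# Constructed sample telemetry modelled on the chain described in the report summary.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4100,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "parent": r"C:\Windows\explorer.exe"},
    # Equation Editor is launched via DCOM, so svchost.exe is the parent, not WINWORD.EXE.
    {"type": "process", "pid": 4200,
     "image": r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
     "parent": r"C:\Windows\System32\svchost.exe"},
    # The exploited Equation Editor process writes a VBE into the user's Temp folder (file name made up).
    {"type": "file", "pid": 4200,
     "path": r"C:\Users\alice\AppData\Local\Temp\update.vbe"},
    {"type": "process", "pid": 4300,
     "image": r"C:\Windows\System32\wscript.exe",
     "parent": r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE"},
    # The VBE sets a Run key for persistence (value name made up).
    {"type": "registry", "pid": 4300,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    # RegAsm.exe spawned by the script host: the injection target named in the report.
    {"type": "process", "pid": 4400,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "parent": r"C:\Windows\System32\wscript.exe"},
    # Benign control: RegAsm.exe started by an installer should not alert.
    {"type": "process", "pid": 5000,
     "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe",
     "parent": r"C:\Windows\System32\msiexec.exe"},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "eqnedt32.exe"}
RUN_KEY_FRAGMENT = r"\software\microsoft\windows\currentversion\run"


def basename(path):
    """Lower-case file name of a Windows path (os.path.basename is POSIX-aware only)."""
    return os.path.basename(path.replace("\\", "/")).lower()


def process_image(events, pid):
    """Image name of the process that emitted an event, or None if no process event has that pid."""
    for ev in events:
        if ev["type"] == "process" and ev["pid"] == pid:
            return basename(ev["image"])
    return None


def detect_chain(events):
    """Return (rule_name, pid) tuples for every stage of the chain found in the events."""
    alerts = []
    for ev in events:
        if ev["type"] == "process":
            image = basename(ev["image"])
            # Stage 1: any Equation Editor launch is notable on a patched estate.
            if image == "eqnedt32.exe":
                alerts.append(("equation_editor_launch", ev["pid"]))
            # Stage 4: RegAsm.exe is a legitimate .NET tool, but not when a script host or Office starts it.
            if image == "regasm.exe" and basename(ev["parent"]) in SCRIPT_HOSTS | OFFICE_APPS:
                alerts.append(("regasm_spawned_by_script_or_office", ev["pid"]))
        elif ev["type"] == "file":
            # Stage 2: Office / Equation Editor writing a VBE or VBS into a Temp folder.
            path = ev["path"].lower()
            if "\\temp\\" in path and path.endswith((".vbe", ".vbs")) \
                    and process_image(events, ev["pid"]) in OFFICE_APPS:
                alerts.append(("office_dropped_script_in_temp", ev["pid"]))
        elif ev["type"] == "registry":
            # Stage 3: a script host writing under the per-user or machine Run key.
            if RUN_KEY_FRAGMENT in ev["key"].lower() \
                    and process_image(events, ev["pid"]) in SCRIPT_HOSTS:
                alerts.append(("run_key_from_script_host", ev["pid"]))
    return alerts


if __name__ == "__main__":
    for rule, pid in detect_chain(SAMPLE_EVENTS):
        print(f"{rule}: pid {pid}")
```

Each rule is deliberately independent so that a partial chain (for example a VBE dropped but never executed) still produces a signal; correlating several of them on one host within a short window is what turns the individual hits into a high-confidence detection of this campaign's pattern.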

OPENCTI LABELS :

phishing,info-stealer,cve-2017-11882,xloader,rtf,vbe,ms equation editor,regasm.exe,horusprotector
