Re: New Remcos RAT Available for Sale on Underground Hacking Forums


Several days ago, FortiGuard Labs captured a malware sample that was exploiting the Microsoft Office vulnerability CVE-2017-11882 patched by Microsoft last November. The sample is an RTF document with an Equation object. By analyzing its behavior in my test environment, I realized that it spreads a new variant of Remcos RAT, version “2.0.4 Pro,” that was released on April 7, 2018 from its official website. It is able to control the victim’s PC after infection.

In this blog, I am not going to explain the causes of the vulnerability CVE-2017-11882, but how the sample works to spread this new Remcos RAT, as well as what this variant does on a victim’s PC.
 