216.73.217.22

FormBook Malware Distributed via Horus Protector Using Word Docs

· Published 29/04/2025 08:41 · Modified 29/04/2025 09:00

Export JSON

Essential information

Published
29/04/2025 08:41
Modified
29/04/2025 09:00
Tags
2025-04-29 CVE-2017-11882 formbook horus maldoc phishing
Related entities
101 observables, 5 techniques (mitre), 1 malware, 1 others

Description

Forcepoint X-Labs researchers have identified a campaign where attackers distribute the information-stealing malware using Protector, a malware distribution service designed to evade detection. The campaign employs malicious Microsoft Word documents that exploit the vulnerability in the Equation Editor.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Observables (101)

  • www.xxxvideosbox.xyz
  • www.smfrityhvde.info
  • www.shroom-topia.shop
  • www.shibsocial.xyz
  • www.natividade.tech
  • www.praxis-it.nrw
  • www.mm018.xyz
  • www.keys4health.net
  • www.link6-tesla-nd6.xyz
  • www.hellosweetie.net
  • www.enore.xyz
  • www.coreost.site
  • www.auctionringer.online
  • www.atepl.info
  • http://yenigercek.xyz/
  • http://xploitation.net/
  • http://www.xxxvideosbox.xyz/n8ev/
  • http://www.shibsocial.xyz/ib5p/
  • http://www.smfrityhvde.info/eck1/
  • http://www.shroom-topia.shop/ty2t
  • http://www.praxis-it.nrw/rw7d/
  • http://www.natividade.tech/xuyo/
  • http://www.mm018.xyz/d686/
  • http://www.hellosweetie.net/x21a/
  • http://www.link6-tesla-nd6.xyz/l25i/
  • http://www.keys4health.net/5jal/
  • http://www.auctionringer.online/4aby/
  • http://www.enore.xyz/sdi5/
  • http://www.coreost.site/r8ob/
  • http://www.atepl.info/lxq6/
  • http://sterlingproperties.net/
  • http://tipobetgirislinki.fit/
  • http://soportemx-findmy.click/
  • http://smfrityhvde.info/
  • http://siik18.boats/
  • http://qdkinv.casino/
  • http://pembiayaan.xyz/
  • http://ppostealeone.shop/
  • http://optimuminvestment.net/
  • http://mrguider.pics/
  • http://myhandyplanner.courses/
  • http://networkcomputing.tech/
  • http://mayaheonline.shop/
  • http://lawrax.ltd/
  • http://lamorenadiving.net/
  • http://kekisi.xyz/
  • http://hlkjhu.online/
  • http://jicode.xyz/
  • http://hasan94tanriverdi.xyz/
  • http://gunchenko.tech/
  • http://glorifyer.store/
  • http://fhm500166i.vip/
  • http://giadungtot04.online/
  • http://eja-online.org/
  • http://eioo.org/
  • http://desktitle.homes/
  • http://eferakiglobal.xyz/
  • http://5s5zz.icu/
  • http://conmoro.xyz/
  • http://vsilmhxj.tokyo/
  • http://southpaw.info/
  • http://mulher777.info/
  • http://astrologerritesh.click/
  • http://headset2.online/
  • yenigercek.xyz
  • xploitation.net
  • vsilmhxj.tokyo
  • tipobetgirislinki.fit
  • sterlingproperties.net
  • southpaw.info
  • soportemx-findmy.click
  • smfrityhvde.info
  • siik18.boats
  • qdkinv.casino
  • ppostealeone.shop
  • pembiayaan.xyz
  • optimuminvestment.net
  • networkcomputing.tech
  • mulher777.info
  • mrguider.pics
  • lawrax.ltd
  • mayaheonline.shop
  • lamorenadiving.net
  • kekisi.xyz
  • jicode.xyz
  • hlkjhu.online
  • headset2.online
  • hasan94tanriverdi.xyz
  • glorifyer.store
  • gunchenko.tech
  • giadungtot04.online
  • fhm500166i.vip
  • eja-online.org
  • eioo.org
  • eferakiglobal.xyz
  • desktitle.homes
  • astrologerritesh.click
  • 5s5zz.icu
  • conmoro.xyz
  • cd3ce650f757c4414a70ab9a0b34153d94740ce72884089c152415b70362c4c2
  • 76e1dcf43d423b12bb11b59f25ba62e0597a9fd4a6e5464a882373169fd934b2

Techniques (MITRE) (5)

Malware (1)

  • FormBook
    Family
    Published 22/04/2026 12:43 · Modified 22/04/2026 12:43

Others (1)

  • myhandyplanner.courses

External references