Keylogger Installed Using MS Office Equation Editor Vulnerability (Kimsuky)

June 13, 2024, 10:33 a.m.

Description

This technical analysis examines a campaign by the Kimsuky threat group that exploited a vulnerability (CVE-2017-11882) in the Microsoft Office Equation Editor to distribute malware. The attackers used mshta.exe to run a malicious script that downloads additional components, including a keylogger. The keylogger collects system information, keystrokes, and clipboard data, which are sent to a command-and-control server. The report highlights the importance of patching vulnerabilities and keeping software up-to-date to prevent such attacks.

Date

Published: June 13, 2024, 10:14 a.m.

Created: June 13, 2024, 10:14 a.m.

Modified: June 13, 2024, 10:33 a.m.

Attack Patterns

Kimsuky

T1120

T1080

T1059.003

T1059.001

T1518.001

T1573

T1070

T1574

T1518

T1082

T1057

T1071

T1027

T1053

T1112

T1056

T1090

T1059

CVE-2017-11882