Keylogger Installed Using MS Office Equation Editor Vulnerability (Kimsuky)
June 13, 2024, 10:33 a.m.
Description
This technical analysis examines a campaign by the Kimsuky threat group that exploited a vulnerability (CVE-2017-11882) in the Microsoft Office Equation Editor to distribute malware. The attackers used mshta.exe to run a malicious script that downloads additional components, including a keylogger. The keylogger collects system information, keystrokes, and clipboard data, which are sent to a command-and-control server. The report highlights the importance of patching vulnerabilities and keeping software up-to-date to prevent such attacks.
Date
| Published | Created | Modified |
|---|---|---|
| June 13, 2024, 10:14 a.m. | June 13, 2024, 10:14 a.m. | June 13, 2024, 10:33 a.m. |
Attack Patterns
Kimsuky
T1120
T1080
T1059.003
T1059.001
T1518.001
T1573
T1070
T1574
T1518
T1082
T1057
T1071
T1027
T1053
T1112
T1056
T1090
T1059
CVE-2017-11882