Tag: CVE-2017-0199

9 Attack Reports | 0 Vulnerabilities

Attack reports

Operation FrostBeacon: Multi-Cluster Cobalt Strike Campaign Targets Russia

Operation FrostBeacon is a targeted malware campaign delivering Cobalt Strike beacons to companies in Russia. It uses two infection clusters: one leveraging malicious archive files with LNK shortcuts, and another exploiting CVE-2017-0199 and CVE-2017-11882 vulnerabilities. Both clusters lead to rem…
phishing
powershell
russia
cobalt strike
CVE-2017-0199
CVE-2017-11882
lnk files
hta
2025-12-08
Published: December 8, 2025
Linked vulnerabilities : CVE-2017-11882, CVE-2017-0199
Downloadable IOCs: 60

Tracking FileFix, Shadow Vector, and SideWinder

This intelligence report details collaborative research between Acronis Threat Research Unit and VirusTotal on three emerging cyber threats. FileFix, a variant of ClickFix, uses malicious websites to trick victims into running commands copied to their clipboard. Shadow Vector targets Colombian user…
yara
CVE-2017-0199
CVE-2017-11882
virustotal
clickfix
south asia
svg
colombia
filefix
2025-11-10
clipboard manipulation
shadow vector
document-based attacks
Published: November 10, 2025
Linked vulnerabilities : CVE-2017-11882, CVE-2017-0199
Downloadable IOCs: 16

How a Malicious Excel File (CVE-2017-0199) Delivers the FormBook Payload

A high-severity phishing campaign targeting old version Office Application users exploits CVE-2017-0199 vulnerability to deliver FormBook malware. The attack begins with an email containing a malicious Excel attachment. When opened, it triggers the vulnerability, downloading and executing a malicio…
phishing
autoit
formbook
CVE-2017-0199
2025-06-05
hta
information-stealer
Published: June 5, 2025
Linked vulnerabilities : CVE-2017-0199
Downloadable IOCs: 8

New Steganographic Campaign Distributing Multiple Malware Variants

A sophisticated steganographic campaign has been observed distributing multiple stealer malware variants, including Remcos, DcRAT, AgentTesla, and VIPKeyLogger. The infection chain begins with a phishing email containing an Excel file that exploits CVE-2017-0199. This leads to the download of an HT…
obfuscation
phishing
remcos
steganography
asyncrat
dcrat
CVE-2017-0199
process hollowing
remote access trojan
agenttesla
vipkeylogger
2025-03-17
Published: March 17, 2025
Linked vulnerabilities : CVE-2017-0199
Downloadable IOCs: 13

SmokeLoader picks up ancient MS Office bugs to pack fresh credential stealer

Threat actors are exploiting old Microsoft Office vulnerabilities using SmokeLoader, a modular malware loader, to steal browser credentials. The campaign targets manufacturing, healthcare, and IT companies in Taiwan, utilizing CVE-2017-0199 and CVE-2017-11882 to execute remote code and deploy malic…
phishing
plugins
credential theft
smokeloader
CVE-2017-0199
CVE-2017-11882
taiwan
modular malware
2024-12-03
microsoft office
vulnerabilities
andeloader
Published: December 3, 2024
Linked vulnerabilities : CVE-2017-11882, CVE-2017-0199
Downloadable IOCs: 28

New Campaign Uses Remcos RAT to Exploit Victims

A phishing campaign utilizing Remcos RAT has been detected. The attack begins with an email containing a malicious Excel document that exploits CVE-2017-0199. When opened, it downloads and executes an HTA file, which in turn downloads and runs a malicious EXE. This EXE uses PowerShell to load and e…
rat
phishing
powershell
remcos
CVE-2017-0199
process hollowing
2024-11-08
Published: November 8, 2024
Downloadable IOCs: 2

Deep Analysis of Snake Keylogger’s New Variant

FortiGuard Labs recently caught a phishing campaign delivering a new variant of Snake Keylogger, a keylogger malware that can steal sensitive data like saved credentials, keystrokes, and screenshots. The analysis examines the phishing email, malicious Excel document, and techniques used by the malw…
phishing
persistence
credential theft
CVE-2017-0199
keylogger
2024-08-30
process injection
snake keylogger
Published: August 30, 2024
Linked vulnerabilities : CVE-2017-0199
Downloadable IOCs: 8

SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea

BlackBerry's researchers have uncovered a new campaign by the nation-state threat actor SideWinder. The group employs sophisticated techniques, such as utilizing carefully crafted phishing emails with visual lures designed to target specific organizations. The campaign aims to compromise ports and …
espionage
phishing
vulnerability
nation-state
javascript
targeted
CVE-2017-0199
CVE-2017-11882
2024-07-30
infrastructure
maritime
Published: July 30, 2024
Linked vulnerabilities : CVE-2017-11882, CVE-2017-0199
Downloadable IOCs: 47

New Agent Tesla Campaign Targeting Spanish-Speaking People

This report analyzes a phishing campaign spreading a new Agent Tesla variant designed to infiltrate victims' computers and steal sensitive information like credentials, email contacts, and system details. It leverages techniques like exploiting Microsoft Office vulnerabilities, executing JavaScript…
malware
obfuscation
phishing
infostealer
2024-06-10
CVE-2017-0199
CVE-2017-11882
agent tesla
spain
Published: June 10, 2024
Linked vulnerabilities : CVE-2017-11882, CVE-2017-0199
Downloadable IOCs: 6
Click here to see more Attack Reports