Tag: CVE-2017-0199

8 Attack Reports | 0 Vulnerabilities

Attack reports

Tracking FileFix, Shadow Vector, and SideWinder

This intelligence report details collaborative research between Acronis Threat Research Unit and VirusTotal on three emerging cyber threats. FileFix, a variant of ClickFix, uses malicious websites to trick victims into running commands copied to their clipboard. Shadow Vector targets Colombian user…

clipboard manipulation

document-based attacks

Published: November 10, 2025

Linked vulnerabilities : CVE-2017-11882, CVE-2017-0199

Downloadable IOCs: 16

How a Malicious Excel File (CVE-2017-0199) Delivers the FormBook Payload

A high-severity phishing campaign targeting old version Office Application users exploits CVE-2017-0199 vulnerability to deliver FormBook malware. The attack begins with an email containing a malicious Excel attachment. When opened, it triggers the vulnerability, downloading and executing a malicio…

information-stealer

Published: June 5, 2025

Linked vulnerabilities : CVE-2017-0199

Downloadable IOCs: 8

New Steganographic Campaign Distributing Multiple Malware Variants

A sophisticated steganographic campaign has been observed distributing multiple stealer malware variants, including Remcos, DcRAT, AgentTesla, and VIPKeyLogger. The infection chain begins with a phishing email containing an Excel file that exploits CVE-2017-0199. This leads to the download of an HT…

process hollowing

remote access trojan

Published: March 17, 2025

Linked vulnerabilities : CVE-2017-0199

Downloadable IOCs: 13

SmokeLoader picks up ancient MS Office bugs to pack fresh credential stealer

Threat actors are exploiting old Microsoft Office vulnerabilities using SmokeLoader, a modular malware loader, to steal browser credentials. The campaign targets manufacturing, healthcare, and IT companies in Taiwan, utilizing CVE-2017-0199 and CVE-2017-11882 to execute remote code and deploy malic…

credential theft

modular malware

microsoft office

vulnerabilities

Published: December 3, 2024

Linked vulnerabilities : CVE-2017-11882, CVE-2017-0199

Downloadable IOCs: 28

New Campaign Uses Remcos RAT to Exploit Victims

A phishing campaign utilizing Remcos RAT has been detected. The attack begins with an email containing a malicious Excel document that exploits CVE-2017-0199. When opened, it downloads and executes an HTA file, which in turn downloads and runs a malicious EXE. This EXE uses PowerShell to load and e…

process hollowing

Published: November 8, 2024

Downloadable IOCs: 2

Deep Analysis of Snake Keylogger’s New Variant

FortiGuard Labs recently caught a phishing campaign delivering a new variant of Snake Keylogger, a keylogger malware that can steal sensitive data like saved credentials, keystrokes, and screenshots. The analysis examines the phishing email, malicious Excel document, and techniques used by the malw…

credential theft

process injection

snake keylogger

Published: August 30, 2024

Linked vulnerabilities : CVE-2017-0199

Downloadable IOCs: 8

SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea

BlackBerry's researchers have uncovered a new campaign by the nation-state threat actor SideWinder. The group employs sophisticated techniques, such as utilizing carefully crafted phishing emails with visual lures designed to target specific organizations. The campaign aims to compromise ports and …

Published: July 30, 2024

Linked vulnerabilities : CVE-2017-11882, CVE-2017-0199

Downloadable IOCs: 47

New Agent Tesla Campaign Targeting Spanish-Speaking People

This report analyzes a phishing campaign spreading a new Agent Tesla variant designed to infiltrate victims' computers and steal sensitive information like credentials, email contacts, and system details. It leverages techniques like exploiting Microsoft Office vulnerabilities, executing JavaScript…

Published: June 10, 2024

Linked vulnerabilities : CVE-2017-11882, CVE-2017-0199

Downloadable IOCs: 6

Click here to see more Attack Reports