216.73.217.50

Keylogger Installed Using MS Office Equation Editor Vulnerability (Kimsuky)

· Published 13/06/2024 10:14 · Modified 13/06/2024 10:33

Export JSON

Essential information

Published
13/06/2024 10:14
Modified
13/06/2024 10:33
Tags
2024-06-13 CVE-2017-11882 apt keylogger
Related entities
1 vulnerabilities (cve), 1 intrusion sets (apt), 18 techniques (mitre)

Description

This technical analysis examines a campaign by the Kimsuky threat group that exploited a vulnerability () in the Microsoft Office Equation Editor to distribute malware. The attackers used mshta.exe to run a malicious script that downloads additional components, including a . The collects system information, keystrokes, and clipboard data, which are sent to a command-and-control server. The report highlights the importance of patching vulnerabilities and keeping software up-to-date to prevent such attacks.

External references