At VirusTotal:
This was sent via email to us earlier today. 23/57 engines detect malware. Avast is not among them.
[Edited to correct typo, and to add:]
The file is an Excel spreadsheet.
Report a malicious sample (select file or website)
https://www.avast.com/report-malicious-file.php
Reported.
Thanks, Pondus.
You're welcome.
Info on how to report to the Avast lab is found in one of the two sticky posts at the top of this section.
Read how this COBALT payload exploiting went unnoticed for 17 years:
https://blog.reversinglabs.com/blog/reversinglabs-yara-rule-detects-cobalt-payload-exploiting-cve-2017-11882
and likewise: https://www.mimecast.com/blog/2019/03/the-return-of-the-equation-editor-exploit--difat-overflow/
combining the first Equation Editor Exploit with an attack amplifier and a way to render it to go undetected.
Cybercriminals here were a special group from Serbia, that were using specially-crafted Microsoft Word documents
to take advantage of how Microsoft Word handles Integer Overflow errors in the OLE file format,
abusing OLE formats in this way.
The MS Office dropper can be detected using the YARA rule “potential_CVE_2017_11882_v2.yara”.
Download here: https://www.reversinglabs.com/sites/files/downloads/potential_CVE_2017_11882_v2.yara
What more undocumented surprises to be abused does Microsoft have in store for us?
This is why for military & critical infrastructure for the Russian Federation,
they recently started to steer away from proprietary Microsoft to embrace their own form of hardened Linux OS,
named Astra Linux.
polonus
This is now detected by 8.0.1609. pattern file version 190624-0.
Thanks everyone!