Abuse Melding

Je hebt een klacht over de onderstaande posting:

27-06-2017, 23:15 door Anoniem

Infection chain for the Loki-Bot malware is : RTF file downloads corrupted xls which contains malicious js script, which in turn pulls an executable from another drop zone. The executable is Loki Bot. The Petya ransomware exploits an SMB vulnerability for lateral movement, which is a bit different from the exploit used in WannaCry. We will update with the specifics. Loki Bot’s infection vector is as following: Malicious email containing RTF file. The RTF exploits CVE-2017-0199 to downloads an xlsx decoy file. The binary of the “xlsx” file includes a js script, which is executed by the RTF file. When it runs, the script downloads Loki’s exe file and executes it zie: http://blog.checkpoint.com/2017/06/27/global-ransomware-attack-spreading-fast/

Beschrijf je klacht (Optioneel):

captcha