The side-loaded malicious DLL called back to a command-and-control (C&C) site, which triggered the download and execution of the final malware encoded in a JPEG file format.The malicious document, which contained exploit code for CVE-2017-12824, a buffer-overflow vulnerability in InPage, dropped a legitimate but outdated version of VLC media player that is vulnerable to DLL hijacking.Spear-phishing email with a malicious InPage document with the file name hafeez saeed speech on 22nd April.inp was sent to the intended victims.The attack was orchestrated using the following approach: The Office 365 Research and Response team discovered this type of targeted attack in June. Beyond that, public research of these types of attacks has been limited. In the past, researchers at Palo Alto and Kaspersky have blogged about attacks that use malicious InPage documents. The targets included government institutions.įigure 1. More than 75% of the targets were located in Pakistan however, the attack also found its way into some countries in Europe and the US.
#Vlc temp folder software#
The attack exploited a vulnerability in InPage, a word processor software for specific languages like Urdu, Persian, Pashto, and Arabic. Our analysis of a targeted attack that used a language-specific word processor shows why it’s important to understand and protect against small-scale and localized attacks as well as broad-scale malware campaigns. Microsoft Purview Data Lifecycle Management.Microsoft Purview Information Protection.Information protection Information protection.Microsoft Priva Subject Rights Requests.Microsoft Purview Communication Compliance.Microsoft Purview Insider Risk Management.Risk management & privacy Risk management & privacy.Microsoft Defender Vulnerability Management.Azure Active Directory part of Microsoft Entra.
0 kommentar(er)
