We have developed TIPpers: incidents the ThreatConnect Research team flags for your awareness so that your organization can take decisive action.
TIPper: Word Document Trojan Exploiting CVE
This incident involves a Word document trojan containing an embedded PostScript (EPS) file that exploits CVE-2015-2545. The carrier is a trojanized legitimate document that was last edited by a former senior Japanese Ground Self-Defense Forces official, which suggests a targeted attack on victims connected to the Japanese military. Once the exploit executes, three files are dropped, including plugin.dll and AcroRd32Info.exe. The trojan establishes persistence by installing itself in the Start menu's Startup directory as a fake Acrobat Reader executable. After installation, it calls back to a command-and-control URL on a compromised website hosted in Japan.
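Two of the observables above lend themselves to a quick defensive triage check: an Office package that carries an embedded PostScript object (the CVE-2015-2545 exploit vector), and an executable sitting in a Startup folder under an Acrobat Reader-style name, where the real Reader never installs itself. The following Python is an added example written for this page, not ThreatConnect's code or a detection from the original report; the sample `.docx` it builds in memory and the Startup-folder listing it inspects are constructed inputs, and the `Finding` class and function names are hypothetical. It only reads and reports; it does not parse or execute the PostScript.

```python
from __future__ import annotations

import io
import zipfile
from dataclasses import dataclass

# An EPS file announces itself with this header; the extension may be changed to hide it.
EPS_MAGIC = b"%!PS-Adobe"
POSTSCRIPT_EXTENSIONS = (".eps", ".ps")
# Name prefixes that mimic Adobe Reader binaries (constructed list for this example).
ACROBAT_LIKE_PREFIXES = ("acrord32", "acrobat")


@dataclass(frozen=True)
class Finding:
    """One triage observation: the member or file name and why it was flagged."""
    path: str
    reason: str


def scan_docx_for_eps(docx_bytes: bytes) -> list[Finding]:
    """Walk the Office package (a ZIP) and flag embedded PostScript objects.

    Both an honest .eps member and a PostScript header hiding under another
    extension (e.g. renamed to .png) are reported; the content is never executed.
    """
    findings: list[Finding] = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as package:
        for name in package.namelist():
            lower = name.lower()
            data = package.read(name)
            if lower.endswith(POSTSCRIPT_EXTENSIONS):
                findings.append(Finding(name, "PostScript object embedded in Office package"))
            elif data.lstrip().startswith(EPS_MAGIC):
                findings.append(Finding(name, "PostScript header under a non-PostScript name"))
    return findings


def flag_startup_entries(entries: list[str]) -> list[Finding]:
    """Flag executables in a Startup-folder listing that pose as Adobe Reader.

    `entries` is a list of file names from a Startup directory (constructed in
    this example). Legitimate Reader binaries live under Program Files, so an
    AcroRd32*.exe in a Startup folder is worth a closer look.
    """
    flagged: list[Finding] = []
    for name in entries:
        lower = name.lower()
        if lower.endswith(".exe") and lower.startswith(ACROBAT_LIKE_PREFIXES):
            flagged.append(Finding(name, "executable imitating Acrobat Reader in Startup folder"))
    return flagged


def build_sample_docx(embed_eps: bool) -> bytes:
    """Construct a minimal .docx-shaped ZIP in memory for the demonstration.

    When embed_eps is True it adds one plainly named EPS member and one EPS
    body disguised as a PNG; the PostScript bodies are inert header lines only.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("[Content_Types].xml", "<Types/>")
        package.writestr("word/document.xml", "<w:document/>")
        if embed_eps:
            package.writestr("word/media/image1.eps", b"%!PS-Adobe-3.0 EPSF-3.0\n%%EOF\n")
            package.writestr("word/media/image2.png", b"%!PS-Adobe-3.0 EPSF-3.0\n%%EOF\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_docx_for_eps(build_sample_docx(embed_eps=True)):
        print(f"[docx] {finding.path}: {finding.reason}")
    # Constructed Startup-folder listing: one imitation binary, one ordinary shortcut.
    for finding in flag_startup_entries(["AcroRd32Info.exe", "OneDrive.lnk"]):
        print(f"[startup] {finding.path}: {finding.reason}")
```

In an environment where Office documents are common, the EPS check alone will produce benign hits on documents that legitimately embed PostScript graphics; pairing it with the Startup-folder masquerade check narrows the result to the behaviour described in this incident.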
If you do not have a ThreatConnect account, click HERE to access our Free Edition as well as 30-day access to our Subscriber Community. ThreatConnect’s Free Edition allows you to establish a basic threat intelligence practice, collaborate with your internal team, protect your organization with open source threat data, bulk import cyberthreat indicators, contribute to the ThreatConnect Community, and receive support and validation from outside researchers and analysts also using the platform. The Subscriber Community includes timely notification of threat incidents identified by the ThreatConnect Research team, an exclusive service offered at no additional charge to paying customers.