skip to Main Content

Cybercrime, Formbook campaign via rtf from China

Formbook campaign via rtf (fake word document) from China. The “AWD-20-971-JA04Q7.doc” attachment of the “Рuгсhasе Огdег #AWD-20-971-JA04Q7” email, exploiting a vulnerability, contact a link and download an exe: the malware

A fake word document on a Purchase Order from China is the bait for a Formbook campaign.


The “AWD-20-971-JA04Q7.doc” attachment of the “Рuгсhasе Огdег #AWD-20-971-JA04Q7” email is actually a rtf which, exploiting a known vulnerability, contacts a link and downloads an exe file: the malware. Formbook, through the keylogger function, is able to acquire everything that the user types. Furthermore, it can steal email and browser credentials as well as take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.

Malware C2

Back To Top