Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis (Microsoft)

ronjor · Jul 11, 2018

July 11, 2018 Office 365 Threat Research

Much of cybercrime today is fueled by underground markets where malware and cybercriminal services are available for purchase. These markets in the deep web commoditize malware operations. Even novice cybercriminals can buy malware toolkits and other services they might need for malware campaigns: encryption, hosting, antimalware evasion, spamming, and many others.

Hawkeye Keylogger (also known as iSpy Keylogger) is an info-stealing malware that’s being sold as malware-as-a-service. Over the years, the malware authors behind Hawkeye have improved the malware service, adding new capabilities and techniques. It was last used in a high-volume campaign in 2016.
Click to expand...

Rasheed187 · Jul 14, 2018

What's interesting to note is that it injects its code into MSBuild.exe, RegAsm.exe, and VBC.exe, but if you block these tools from network access, then how will the Hawkeye keylogger connect out?

Minimalist · Nov 17, 2018

Threat Actors Exploit Equation Editor to Distribute Hawkeye Keylogger

As reported by Quick Heal, threat actors used Rich Text Format (RTF) files — either standalone or embedded in PDF files with DOC extensions — to distribute the Hawkeye keylogger malware.

While the attacks used typical phishing emails to target users and organizations, the campaign opted for a less common path to compromise: the Microsoft Office Equation Editor. The so-called “Hawkeye v8 Reborn” exploit CVE-2017-11882, which triggers a stack buffer overflow in Equation Editor by using an unbounded string of FONT name defined within a FONT record structure. If successful, attackers gain the ability to execute arbitrary code and deliver malware payloads.
Click to expand...

https://securityintelligence.com/ne...ation-editor-to-distribute-hawkeye-keylogger/

Log in or Sign up

Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis (Microsoft)

ronjor Global Moderator

Rasheed187 Registered Member

Minimalist Registered Member

Log in or Sign up

Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis (Microsoft)

ronjor Global Moderator

Rasheed187 Registered Member

Minimalist Registered Member

Useful Searches