CVE-2017-11882 Exploited to Deliver a Cracked Version of the Loki Infostealer
released on 2017-12-20 @ 07:51:24 PM
The Cobalt hacking group was one of the first to promptly and actively exploit CVE-2017-11882 (patched last November) in their cybercriminal campaigns. We uncovered several others following suit in early December, delivering a plethora of threats that included Pony/FAREIT, FormBook, ZBOT, and Ursnif. Another stood out to us: a recent campaign that used the same vulnerability to install a “cracked” version of the information-stealing Loki.