Asruex
Description
(Trend Micro) Since it first emerged in 2015, Asruex has been known for its backdoor capabilities and connection to the spyware DarkHotel. However, when we encountered Asruex in a PDF file, we found that a variant of the malware can also act as an infector, particularly through the use of old vulnerabilities CVE-2012-0158 and CVE-2010-2883, which inject code in Word and PDF files, respectively.
The use of old, patched vulnerabilities could hint that the variant was devised knowing that it can affect targets who have been using older versions of Adobe Reader (versions 9.x up to before 9.4) and Acrobat (versions 8.x up to before 8.2.5) on Windows and Mac OS X.
Names
Name |
---|
Asruex |
Category
Malware
Type
- Backdoor
- Worm
Information
Malpedia
AlienVault OTX
Other Information
UUID
39c65a96-a0e8-42fa-80d5-5d36c0be61c3
Last Card Change
2021-04-24