MSExcel/CVE_2018_5002.A!exploit

Analysis

MSExcel/CVE_2018_5002.A!exploit is a detection for an exploit trojan.
Below are some of its observed behaviours:

  • This detection is associated with CVE-2018-5002.

  • The original sample involved in this exploit attack is an Excel spreadsheet document that attempts to connect to and download from peopl{Removed}.dohabayt.com.
    The downloaded SWF file is detected as SWF/CVE_2018_5002.A!exploit.

  • Below is an illustration of the infected document:

    • Figure 1: Infected Document.


Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.
  • Download and install the patch for the CVE-2018-5002 vulnerability from the security bulletin "Security updates available for Flash Player | APSB18-19".

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2018-12-25 65.15600 Sig Updated