MSExcel/CVE_2018_5002.A!exploit
Analysis
MSExcel/CVE_2018_5002.A!exploit is a detection for an exploit Trojan.
Below are some of its observed behaviours:
- This detection is associated with CVE-2018-5002.
- The original sample involved in this exploit attack is an Excel spreadsheet document that attempts to connect to and download from peopl{Removed}.dohabayt.com.
- The downloaded SWF file is detected as SWF/CVE_2018_5002.A!exploit.
- Below is an illustration of the infected document:
- Figure 1: Infected Document.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
- Download and install the patch for the CVE-2018-5002 vulnerability, available from "Security updates available for Flash Player | APSB18-19".
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |
Version Updates
Date | Version | Detail |
---|---|---|
2018-12-25 | 65.15600 | Sig Updated |