08-21-2018, 12:29 PM
In The Name OF Allah
Al-Salam Alekum
![[Image: FlawedAmmyy-RAT.jpg]](https://i1.wp.com/gbhackers.com/wp-content/uploads/2018/08/FlawedAmmyy-RAT.jpg)
Quote:A new campaign using Weaponized Microsoft Publisher File(.pub) to deliver the FlawedAmmyy RAT. The FlawedAmmyy RAT is a backdoor tool that gains remote access to the attacker. Security researchers from Trustwave spotted the Email campaign subjected “Payment Advice” with Microsoft Office Publisher file attached.https://gbhackers.com/microsoft-publishe...y-rat/amp/
Once the .pub file is opened it asks the victim’s to Enable Macros, the macro script triggers Document_Open() event which opens the file and once the file is opened it access the URL that located in the Tag Property and executes a downloaded file.
Wa Salam Alekum