Security Articles

Recent InPage Exploits Lead to Multiple Malware Families

released on 2017-11-02 @ 11:28:18 PM
In recent weeks, Unit 42 has discovered three documents crafted to exploit the InPage program. InPage is a word processor program that supports languages such as Urdu, Persian, Pashto, and Arabic. The three InPage exploit files are linked through their use of very similar shellcode, which suggests that either the same actor is behind these attacks, or the attackers have access to a shared builder.

The documents were found to drop the following malware families:

- The previously discussed CONFUCIUS_B malware family
- A backdoor previously not discussed in the public domain, commonly detected by some antivirus solutions as “BioData”
- A previously unknown backdoor that we have named MY24