VERY IMPORTANT

Two weeks ago, FortiGuard Labs spotted a malicious document with the politically themed file name “Draft PH-US Dialogue on Cyber Security.doc”. This document takes advantage of the vulnerability CVE-2017-11882. Upon successful exploitation, it drops a malware in the victim’s %temp% directory. Our analysis of this malware shows that it belongs to Hussarini, also known as Sarhust, a backdoor family that has been used actively in APT attacks targeting countries in the ASEAN region since 2014.