Commit

Updated 2025-01-10-IOCs-for-CVE-2017-0199-XLS-infection-chain.txt
brad-duncan authored Jan 10, 2025
1 parent 93eef3b commit f1e057a
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions 2025-01-10-IOCs-for-CVE-2017-0199-XLS-infection-chain.txt
Expand Up @@ -4,6 +4,11 @@ AUTHORS:

- Vishwa Thothathri, Bradley Duncan

REFERENCES:

- https://www.linkedin.com/posts/unit42_steganography-dbatloader-guloader-ugcPost-7283569822586564608-2n2Y/
- https://x.com/Unit42_Intel/status/1877804202853838922

INFECTION CHAIN:

- presumably through email --> CVE-2017-0199 Excel file --> HTA --> VBS --> JPG with embedded info --> DBatLoader/GuLoader style malware --> AgentTelsa-style FTP data exfiltration
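Review bot: The INFECTION CHAIN line directly below the new REFERENCES block spells the final stage "AgentTelsa-style"; the family name is AgentTesla, and the misspelling means a text search of this IOC file for that name will miss it, so it is worth correcting in the same commit that touches this header. In the REFERENCES block itself, both entries are bare social-media URLs with nothing to tell them apart or to identify them if a link stops resolving; a short label per entry (platform and post date) would keep the attribution usable.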