I published the following diary on isc.sans.edu: “Weaponized RTF Document Generator & Mailer in PowerShell”:
Another piece of malicious PowerShell script that I found while hunting. Like many malicious activities that occur these days, it is related to the COVID19 pandemic. Its purpose is simple: it checks if Outlook is used by the victim and, if it’s the case, it generates a malicious RTF document that is spread to all contacts extracted from Outlook. Let’s have a look at it…