I published the following diary on isc.sans.edu: “New Example of XSL Script Processing aka ‘Mitre T1220‘”:
Last week, Brad posted a diary about TA551. A few days later, one of our readers submitted another sample belonging to the same campaign. Brad had a look at the traffic so I decided to have a look at the macro, not because the code is heavily obfuscated but data are spread at different locations in the Word document… [Read more]
