2025-01-09 (THURSDAY): CVE-2017-0199 XLS --> HTA --> VBS --> STEGANOGRAPHY --> DBATLOADER/GUILOADER STYLE MALWARE

NOTES:

• Zip files are password-protected.  Of note, this site has a new password scheme.  For the password, see the "about" page of this website.

REFERENCES:

• https://www.linkedin.com/posts/unit42_steganography-dbatloader-guloader-ugcPost-7283569822586564608-2n2Y/
• https://x.com/Unit42_Intel/status/1877804202853838922

ASSOCIATED FILES:

• 2025-01-09-IOCs-for-CVE-2017-0199-XLS-infection-chain.txt.zip   1.9 kB   (1,929 bytes)
• 2025-01-09-malware-from-CVE-2017-0199-infection-chain.zip   3.5 MB   (3,548,609 bytes)
• 2025-01-09-CVE-2017-0199-XLS-to-DBatLoader-or-GuiLoder-for-AgentTesla-variant.pcap.zip   2.7 MB   (2,706,361 bytes)

 

Click here to return to the main page.