I published the following diary on isc.sans.edu: “New Example of XSL Script Processing aka ‘Mitre T1220‘”:
Last week, Brad posted a diary about TA551. A few days later, one of our readers submitted another sample belonging to the same campaign. Brad had a look at the traffic so I decided to have a look at the macro, not because the code is heavily obfuscated but data are spread at different locations in the Word document… [Read more]
The post [SANS ISC] New Example of XSL Script Processing aka “Mitre T1220” appeared first on /dev/random.
Article Link: https://blog.rootshell.be/2021/02/02/sans-isc-new-example-of-xsl-script-processing-aka-mitre-t1220/