I published the following diary on isc.sans.edu: “Weaponized RTF Document Generator & Mailer in PowerShell“:
Another piece of malicious PowerShell script that I found while hunting. Like many malicious activities that occur in those days, it is related to the COVID19 pandemic. Its purpose of simple: It checks if Outlook is used by the victim and, if it’s the case, it generates a malicious RTF document that is spread to all contacts extracted from Outlook. Let’s have a look at it… [Read more]
[The post [SANS ISC] Weaponized RTF Document Generator & Mailer in PowerShell has been first published on /dev/random]
Article Link: https://blog.rootshell.be/2020/04/17/sans-isc-weaponized-rtf-document-generator-mailer-in-powershell/