Latest RAT attack surge bypasses Microsoft's XLL block
Tags
cmtmf-attack-pattern: Masquerading
country: Germany
maec-delivery-vectors: Watering Hole
attack-pattern: Add-Ins - T1137.006 Email Accounts - T1585.002 Email Accounts - T1586.002 Exploits - T1587.004 Exploits - T1588.005 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Process Hollowing - T1055.012 Software - T1592.002 Visual Basic - T1059.005 Masquerading - T1036 Process Hollowing - T1093 Masquerading
Show in Graph
Common Information
Type Value
UUID 9c564916-4283-4928-89ec-ce441d4e1536
Fingerprint 2420281808a7ca42
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 1, 2023, 2:45 p.m.
Added to db Nov. 1, 2023, 5:27 p.m.
Last updated Sept. 3, 2024, 4:01 p.m.
Headline Cybercrooks amp up attacks via macro-enabled XLL files
Title Latest RAT attack surge bypasses Microsoft's XLL block
Detected Hints/Tags/Attributes 40/4/1
Source URLs
Redirection Url
Details Source https://www.theregister.com/2023/11/01/xll_macro_attack_surge/
Details Source https://www.theregister.com/2023/11/01/xll_macro_attack_surge/?&web_view=true
URL Provider
Details Provider Source level domain
Details theregister.com www.theregister.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 99 Cyware News - Latest Cyber News https://cyware.com/allnews/feed 2024-08-30 22:08
Details 163 https://media.cert.europa.eu/rss?type=category&id=Malware&language=en&duplicates=false 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 1 
lum.exe