Word macro spins up PowerShell script hosted on GitHub

Word macro spins up PowerShell script hosted on GitHub

3 years ago
Anonymous $y15ULlV7sG

https://www.bleepingcomputer.com/news/security/github-hosted-malware-calculates-cobalt-strike-payload-from-imgur-pic/

A new strand of malware uses Word files with macros to download a PowerShell script from GitHub.

This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script on Windows systems.

Last Seen
30 minutes ago
Reputation
0
Spam
0.000
Last Seen
39 minutes ago
Reputation
0
Spam
0.000
Last Seen
about an hour ago
Reputation
0
Spam
0.000
Last Seen
about an hour ago
Reputation
0
Spam
0.000
Last Seen
2 hours ago
Reputation
0
Spam
0.000
Last Seen
30 minutes ago
Reputation
0
Spam
0.000
Last Seen
19 minutes ago
Reputation
0
Spam
0.000