Follow

RT @KyleHanslovan
Curious what fetches the malicious HTML but can't find ms-msdt in the 05-2022-0438.doc file? Open that Word doc in 7zip (remember, it's just a zip file) and look inside document.xml.rels. Target points to the malicious RDF842l.html file that is d/l from the xmlformats[.]com C2.

Sign in to participate in the conversation
r3pek's Mastodon

Personal server for r3pek.org