[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle
Security Affairs
MARCH 2, 2019
This is part of a giant list of Living off the Land (LOL) techniques that attackers employ to mask their activities from runtime endpoint security monitoring tools such as AVs. File name: patent-2019-02-20T093A283A05-1.xls The macro makes several string concatenations and executes via a pivot msiexec.exe process. Technical Analysis.
Let's personalize your content