.. /.Pot

Phishing
Double Click
Macros

Contributors:

mr.d0x

Description:

POT is a Microsoft PowerPoint template file. It can be used to execute malicious macros.

OS:

Windows
Mac

Recommendation:

Disable macros via GPO and whitelist the users that are permitted to run macros. For end users, turn off macros from PowerPoint's settings.

Resources:

https://isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162

File Samples: