.. /.Xlm

Phishing
Exploit
External
Double Click

Author:

mr.d0x

Description:

XLM is a Microsoft Macro-Enabled Workbook file. It can be used to execute malicious macros.

OS:

Windows
Mac

Recommendation:

Disable macros via GPO and whitelist the users that are permitted to run macros. For end users, turn off macros from Excel's settings.

Resources:

https://www.microsoft.com/security/blog/2021/03/03/xlm-amsi-new-runtime-defense-against-excel-4-0-macro-malware/

File Samples:

Contributions: