.. /.Xltm

Phishing
Double Click
Macros

Contributors:

mr.d0x

Description:

XLTM is a Microsoft Macro-Enabled Workbook template file. It can be used to execute malicious macros.

OS:

Windows
Mac

Recommendation:

Disable macros via GPO and whitelist the users that are permitted to run macros. For end users, turn off macros from Excel's settings.

Resources:

https://www.fortinet.com/blog/threat-research/microsoft-excel-files-increasingly-used-to-spread-malware

File Samples: