.Xps

Phishing
Double Click

Contributors:

mr.d0x

Description:

XPS files are Microsoft's version of PDF files. They are opened by default with Microsoft's XPS Viewer. Attackers have recently been seen delivering malicious XPS files as an alternative to PDF files.

OS:

Windows

Recommendation:

Monitor XPS files that are delivered as email attachments.

Resources:

https://isc.sans.edu/forums/diary/XPS+Attachment+Used+for+Phishing/23794/
https://infinityns.ca/attacks-evolving-phishing-via-xps-files/

File Samples:

https://www.joesandbox.com/analysis/67065/0/html