.xps

Phishing
Native
Double Click

Author:

mr.d0x

Description:

XPS files are Microsoft's version of PDF files. They are opened by default with Microsoft's XPS Viewer. Attackers have recently been seen delivering malicious XPS files as an alternative to PDF files.

OS:

Windows

Recommendation:

Monitor XPS files that are delivered as email attachments.
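
One way to implement this monitoring, as an added example that is not part of the original entry: flag XPS attachments in a raw email message and list the link targets they embed. It relies on XPS/OpenXPS being a ZIP package whose pages are `.fpage` parts with hyperlinks in `FixedPage.NavigateUri` attributes; the function names and the sample message are constructed for illustration.

```python
import html, io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

XPS_EXT = (".xps", ".oxps")
XPS_MIME = {"application/vnd.ms-xpsdocument", "application/oxps"}
# Absolute URIs only (scheme:...); relative targets point inside the package.
NAV_URI = re.compile(r'FixedPage\.NavigateUri\s*=\s*"([a-zA-Z][a-zA-Z0-9+.-]*:[^"]*)"')

def _text(raw):
    # Page markup may be UTF-8 or UTF-16; choose by byte-order mark.
    enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
    return raw.decode(enc, "replace")

def xps_links(data):
    """Return (is_xps_package, sorted absolute link targets) for attachment bytes."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            pages = [n for n in z.namelist() if n.lower().endswith(".fpage")]
            links = {html.unescape(u) for n in pages for u in NAV_URI.findall(_text(z.read(n)))}
    except zipfile.BadZipFile:
        return False, []
    return bool(pages), sorted(links)

def scan_message(raw_eml):
    """List XPS attachments in a raw RFC 5322 message, with their link targets."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        is_pkg, links = xps_links(data)  # content check also catches renamed files
        if name.lower().endswith(XPS_EXT) or part.get_content_type() in XPS_MIME or is_pkg:
            hits.append({"filename": name, "valid_package": is_pkg, "links": links})
    return hits

def constructed_sample(encoding="utf-8"):
    """Constructed test message: a one-page XPS-like package with one external link."""
    page = ('<FixedPage xmlns="http://schemas.microsoft.com/xps/2005/06"><Path '
            'FixedPage.NavigateUri="https://login.example.invalid/view?id=1&amp;t=2" /></FixedPage>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Documents/1/Pages/1.fpage", page.encode(encoding))
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.ms-xpsdocument", filename="Invoice.xps")
    return msg.as_bytes()
```

The extracted link targets can then be sent through the same URL reputation checks applied to links in message bodies.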

Resources:

https://isc.sans.edu/forums/diary/XPS+Attachment+Used+for+Phishing/23794/
https://infinityns.ca/attacks-evolving-phishing-via-xps-files/

File Samples:

https://www.joesandbox.com/analysis/67065/0/html

Contributions: