Malware
GONEPOSTAL
aka Cordyceps · NOTDOOR
The malware consists of a dropper DLL and an obfuscated, password protected VbaProject.OTM file, which houses macros written for Microsoft Outlook.
The malware consists of a dropper DLL and an obfuscated, password protected VbaProject.OTM file, which houses macros written for Microsoft Outlook. The malware was originally written by Greg Linares as a backdoor POC called Cordyceps, and presented at Hushcon in 2017.
Family metadata imported from Malpedia (Fraunhofer FKIE).