HP Threat Research Blog Aggah Campaign’s Latest Tactics: Victimology, PowerPoint Dropper and Cryptocurrency Stealer

July 1, 2020 Category: Threat Research By: Alex Holland Comments: 0

Aggah Campaign’s Latest Tactics: Victimology, PowerPoint Dropper and Cryptocurrency Stealer

A notable PowerPoint malicious spam campaign we investigated recently was detected by HP Sure Click in May 2020. Its tactics, techniques and procedures (TTPs) suggest that the activity is linked to threat actors behind a string of similar campaigns, known collectively as the Aggah campaign.  In this campaign, malicious PowerPoint Add-in files were used to deliver Agent Tesla and PowerShell cryptocurrency-stealing malware.

The use of PowerPoint malware is significant because it’s uncommon. Of the office document malware isola