01 02 03 04 05 06 07
Phase 3 of 5 · Foothold + C2

Phase 3 · Initial Compromise

Q1_Invoice.docm [Protected View] — Word
File Home Insert Layout References Mailings Review View
SECURITY WARNING Macros have been disabled.
ACME Corp · Q1 Invoice

Hidden Process: cmd.exe
Victim Machine 10.0.0.47
AES-256 Encrypted
C2 Server 185.47.xx.xx
Attacker Console
meterpreter> _
Click the glowing Enable Content button to detonate the macro and earn a foothold.