One Article Review

Source Contagio
Identifier 8303049
Publication date 2023-01-21 01:58:26 (viewed: 2023-01-21 07:07:51)
Title DDE Command Execution malware samples
Text Here are a few samples related to the recent DDE Command execution.
Reading:
10/18/2017 InQuest/yara-rules
10/18/2017 https://twitter.com/i/moments/918126999738175489
10/18/2017 Inquest: Microsoft Office DDE Macro-less Command Execution Vulnerability
10/18/2017 Inquest: Microsoft Office DDE Vortex Ransomware Targeting Poland
10/16/2017 https://twitter.com/noottrak/status/919975081828261888
10/14/2017 Inquest: Microsoft Office DDE Freddie Mac Targeted Lure
10/14/2017 Inquest: Microsoft Office DDE SEC OMB Approval Lure
10/12/2017 NViso labs: YARA DDE rules: DDE Command Execution observed in-the-wild
10/11/2017 Talos: Spoofed SEC Emails Distribute Evolved DNSMessenger
10/10/2017 NViso labs: MS Office DDE YARA rules
Sent Yes
Tags Ransomware Malware


The article does not appear to have been picked up again after its publication.


The article does not appear to be a repost of an earlier one.