Analysis Report on Malware Distributed via Microsoft OneNote
Common Information
Type Value
UUID bcd0debc-9cf5-43ef-aa04-cbb06a6930bd
Fingerprint 46d016f8bf512af54ad5fd80f7d2ffed48a766fbef4534c17d3a8dfa858935fd
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 30, 2023, 3:50 p.m.
Added to db Sept. 22, 2024, 3:11 p.m.
Last updated Sept. 22, 2024, 3:31 p.m.
Headline Analysis Report on Malware Distributed via Microsoft OneNote
Title Analysis Report on Malware Distributed via Microsoft OneNote
Detected Hints/Tags/Attributes 130/3/166
Attributes
Details Type #Events CTI Value
Details Mandiant Temporary Group Assumption 1
TEMP.HTA
Details MITRE ATT&CK Techniques 4
T1036.002