Hunting Malicious Macros - Pwntario Team Blog
Common Information
Type Value
UUID 10c3b56b-0810-48f8-8a14-e75b943a82e8
Fingerprint 2815095619e51b2a
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 16, 2018, midnight
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline Hunting Malicious Macros
Title Hunting Malicious Macros - Pwntario Team Blog
Detected Hints/Tags/Attributes 41/1/18
Attributes
Type #Events CTI Value
Domain 1 3xpl01tc0d3r.blogspot.com
Domain 285 microsoft.net
Domain 18 uncoder.io
File 2 vbe7intl.dll
File 9 vbe7.dll
File 2 vbeui.dll
File 142 wmiprvse.exe
File 2 wbemdisp.dll
File 1 c:\windows\syswow64\wbem\wbemdisp.dll
File 1 c:\windows\syswow64\combase.dll
File 1 c:\windows\syswow64\coml2.dll
File 1 c:\windows\syswow64\comsvcs.dll
File 1209 powershell.exe
File 312 calc.exe
File 1 gadgettojscript-covenant-donut.html
File 13 clr.dll
MITRE ATT&CK Techniques 310 T1566.001
Url 1 https://3xpl01tc0d3r.blogspot.com/2020/02/gadgettojscript-covenant-donut.html