delivr.to’s Top 10 Payloads (Dec ‘24): Pastejacking, Image-less QR codes and Concatenated Zip…
Common Information
Type Value
UUID 398ee9b3-2a18-4667-bb67-1d9b7a59af36
Fingerprint 388b9a1029f70b0d
Analysis status DONE
Considered CTI value -2
Text language
Published Dec. 18, 2024, 8:28 p.m.
Added to db Dec. 21, 2024, 3:45 a.m.
Last updated Dec. 22, 2024, 5:34 p.m.
Headline delivr.to’s Top 10 Payloads (Dec ‘24): Pastejacking, Image-less QR codes and Concatenated Zip Archives
Title delivr.to’s Top 10 Payloads (Dec ‘24): Pastejacking, Image-less QR codes and Concatenated Zip…
Detected Hints/Tags/Attributes 103/2/36
RSS Feed
Id Enabled Feed title Url Added to db
171 Malware on Medium https://medium.com/feed/tag/malware 2024-08-30 22:08
Attributes
Type #Events CTI Value
CVE 56 cve-2024-38112
Domain 7 delivr.to
Domain 1 files.delivrto.me
Domain 128 docs.google.com
Domain 388 wscript.shell
Domain 12 ws.run
Domain 7 post0.open
Domain 48 com.google
Domain 1 element.click
Domain 56 window.open
Domain 165 www.w3.org
Domain 21 ajax.googleapis.com
File 35 document.exe
File 2 qr.url
File 6 c:\program files\microsoft office\root\office16\winword.exe
File 2329 cmd.exe
File 43 msxml2.xml
File 1 sus.gif
File 1 sus.bat
File 3 fs.mov
File 31 d.php
File 2 c:\users\public\pictures\temp.vbs
File 418 wscript.exe
File 1 gwt.core
File 1 smuggled_test_exe.exe
File 7 books_a0ujko.pdf
File 2 pdf.url
File 1 regex.ico
File 5 drawing1.xml
File 1 basicblob.js
File 239 min.js
File 8 window.url
Mandiant Temporary Group Assumption 5 TEMP.VBS
Url 8 https://docs.google.com
Url 22 http://www.w3.org/1999/xhtml
Url 2 https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js