Your Office Document is at Risk - XLL, A New Attack Vector
Common Information
Type Value
UUID 4ae7cdc2-e0bc-4e8f-88d7-502328dedd7c
Fingerprint a424bb19ad278b81
Analysis status IN_PROGRESS
Considered CTI value 0
Text language
Published Feb. 21, 2023, 5:25 p.m.
Added to db Oct. 24, 2023, 1:28 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Detected Hints/Tags/Attributes 50/2/23
Attributes
Details Type #Events CTI Value
Details Domain 1
mypictures.zip
Details File 1018
rundll32.exe
Details File 18
c:\windows\syswow64\rundll32.exe
Details File 12
4.zip
Details File 1
mypictures.zip
Details File 1208
powershell.exe
Details File 1
c:\users\user\appdata\local\temp\mypictures.zip
Details File 4
4.jpg
Details File 2126
cmd.exe
Details IPv4 1
160.119.253.36
Details IPv4 1
160.119.253.242
Details IPv4 6
45.93.201.114
Details Url 1
http://160.119.253.36/filesetup_v17.3.4.zip
Details Windows Registry Key 1
HKCU\Software\Microsoft\Office\16.0\Word\Security\Trusted