Reviving DDE: Using OneNote and Excel for Code Execution
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Dynamic Data Exchange - T1559.002 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Dynamic Data Exchange - T1173 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 858d92d2-5b14-44f7-a1b4-f608e3527ffa
Fingerprint ac540a15bfa73b02
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 5, 2018, 2:18 p.m.
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 18, 2024, 2:36 a.m.
Headline Reviving DDE: Using OneNote and Excel for Code Execution
Title Reviving DDE: Using OneNote and Excel for Code Execution
Detected Hints/Tags/Attributes 24/2/8
Source URLs
Redirection Url
Details Source https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee
URL Provider
Details Provider Source level domain
Details specterops.io posts.specterops.io
Attributes
Details Type #Events CTI Value
Details Domain 221 
gist.github.com
Details Domain 11 
enigma0x3.net
Details File 3 
msexcel.exe
Details File 2127 
cmd.exe
Details File 1209 
powershell.exe
Details Github username 1 
wdormann
Details md5 1 
732bb88d9b5dd5a66c9f1e1498f31a1b
Details Url 1 
https://gist.github.com/wdormann/732bb88d9b5dd5a66c9f1e1498f31a1b