Getting Sneakier: Hidden Sheets, Data Connections, and XLM Macros
Common Information
Type Value
UUID afed846e-252a-4a6c-a91d-23ddc6aac920
Fingerprint a45889123df44bae
Analysis status DONE
Considered CTI value 2
Text language
Published March 18, 2020, midnight
Added to db June 5, 2023, 10:53 a.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Getting Sneakier: Hidden Sheets, Data Connections, and XLM Macros
Title Getting Sneakier: Hidden Sheets, Data Connections, and XLM Macros
Detected Hints/Tags/Attributes 38/1/32
RSS Feed
Id Enabled Feed title Url Added to db
137 InQuest https://inquest.net/blog/rss 2024-08-30 22:08
Attributes