Cloud CRM Spreads Locky Ransomware via DDE Exploit
Tags
attack-pattern: Data Cloud Services - T1021.007 Domains - T1583.001 Domains - T1584.001 Dynamic Data Exchange - T1559.002 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Dynamic Data Exchange - T1173 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID bcf92c59-115a-439a-af68-c21e32844400
Fingerprint ac432bda8dae0a6d
Analysis status DONE
Considered CTI value 1
Text language
Published Dec. 12, 2017, 11:30 p.m.
Added to db Jan. 18, 2023, 11:31 p.m.
Last updated Sept. 2, 2024, 1:58 a.m.
Headline Cloud CRM Spreads Locky Ransomware via DDE Exploit
Title Cloud CRM Spreads Locky Ransomware via DDE Exploit
Detected Hints/Tags/Attributes 49/1/5
Source URLs
Redirection Url
Details Source https://www.netskope.com/blog/cloud-crm-spreads-locky-ransomware-via-dde-exploit/
URL Provider
Details Provider Source level domain
Details netskope.com www.netskope.com
Attributes
Details Type #Events CTI Value
Details File 1 
invoice_file_68169.doc
Details File 1 
heropad64.exe
Details File 1 
13jkupwl.exe
Details md5 1 
eae849f6510db451f4fbdb780b5d49aa
Details md5 1 
7bbc46655683df7a0e842c0adff987a3