Microsoft Office DDE SEC OMB Approval Lure | InQuest
Tags
attack-pattern: Data Control Panel - T1218.002 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Software - T1592.002 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID bf2e065b-fe86-4beb-95c0-7aad3714ce9e
Fingerprint 55619a0b3a6c5716
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 14, 2017, midnight
Added to db June 5, 2023, 10:54 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Microsoft Office DDE SEC OMB Approval Lure
Title Microsoft Office DDE SEC OMB Approval Lure | InQuest
Detected Hints/Tags/Attributes 43/1/38
Source URLs
Redirection Url
Details Source https://inquest.net/blog/2017/10/14/microsoft-office-dde-sec-omb-approval-lure
URL Provider
Details Provider Source level domain
Details inquest.net inquest.net
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 137 InQuest https://inquest.net/blog/rss 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 339 
system.net
Details Domain 80 
goo.gl
Details Domain 1 
ipangea.com
Details Domain 228 
system.io
Details Domain 6 
ms.seek
Details Domain 149 
system.security
Details Domain 20 
inquest.net
Details Domain 3 
ns0.pw
Details Domain 3 
ns0.site
Details Domain 3 
ns0.space
Details Domain 3 
ns0.website
Details Domain 3 
ns1.press
Details Domain 3 
ns1.website
Details Domain 3 
ns2.press
Details Domain 3 
ns3.site
Details Domain 3 
ns3.space
Details Domain 3 
ns4.site
Details Domain 3 
ns4.space
Details Domain 3 
ns5.biz
Details Domain 3 
ns5.online
Details Domain 3 
ns5.pw
Details Domain 1 
ns0.bz
Details Domain 1 
ns0.click
Details File 2 
c:\\programs\\microsoft\\office\\msword.exe
Details File 1208 
powershell.exe
Details File 2 
filings_and_forms.docx
Details File 2 
ps1.txt
Details File 4 
pay.txt
Details File 36 
compression.gzip
Details File 35 
'powershell.exe
Details File 13 
psversiontable.ps
Details File 13 
'kernel32.dll
Details File 6 
cryptography.md5
Details sha256 1 
9fa8f8ccc29c59070c7aac94985f518b67880587ff3bbfabf195a3117853984d
Details Url 1 
https://goo.gl/gqdihn');powershell.exe
Details Url 1 
https://ipangea.com/wp-content/themes/ps1.txt
Details Url 1 
https://ipangea.com/wp-content/themes/pay.txt
Details Windows Registry Key 2 
HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run