[QuickNote] Examining Formbook Campaign via Phishing Emails
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Python - T1059.006 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID c59f59ae-abeb-4509-9085-c048cb39c356
Fingerprint 288339022d7e218d
Analysis status DONE
Considered CTI value 0
Text language
Published July 6, 2023, 8:35 a.m.
Added to db Nov. 6, 2023, 6:06 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline 0day in {REA_TEAM}
Title [QuickNote] Examining Formbook Campaign via Phishing Emails
Detected Hints/Tags/Attributes 20/2/17
Source URLs
Redirection Url
Details Source https://kienmanowar.wordpress.com/2023/07/06/quicknote-examining-formbook-campaign-via-phishing-emails/
URL Provider
Details Provider Source level domain
Details wordpress.com kienmanowar.wordpress.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 146 0day in {REA_TEAM} https://kienmanowar.wordpress.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 1 
thanhancompany.com
Details Domain 149 
system.security
Details Domain 228 
system.io
Details Domain 1 
mag.wcoomd.org
Details File 1 
brochure-for-2023-elite-events.rar
Details File 1 
brochure-for-2023-elite-events.pdf
Details File 1208 
powershell.exe
Details File 37 
'cmd.exe
Details File 1 
bfslxfb.key
Details File 36 
compression.gzip
Details File 3 
blank.pdf
Details File 1 
883.exe
Details sha256 1 
00f20471ea61f5b0f5a1e2e9be722369ea515aaea80283aa046bd47e51f952e4
Details IPv6 1 
::ecb
Details Url 1 
https://mag.wcoomd.org/uploads/2018/05/blank.pdf
Details Url 1 
https://thanhancompany.com/grip/883.exe
Details Url 1 
http://thanhancompany.com/ta/pintu.hta