TA505 campaign: Macro Analysis
Tags
| attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 |
Common Information
| Type | Value |
|---|---|
| UUID | d74d4f95-11e0-43bd-986a-5d55125ee657 |
| Fingerprint | ac41ba138faf396c |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 10, 2019, 12:16 p.m. |
| Added to db | Jan. 18, 2023, 9:41 p.m. |
| Last updated | Nov. 17, 2024, 5:54 p.m. |
| Headline | TA505 campaign: Macro Analysis |
| Title | TA505 campaign: Macro Analysis |
| Detected Hints/Tags/Attributes | 17/1/41 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://evilcodeanalysis.com/2019/11/10/ta505-campaign-macro-analysis/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | dl2.dropbox-er.com |
|
| Details | Domain | 2 | pt.shell |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 1 | userform1.show |
|
| Details | Domain | 1 | libproject.xlsx.zip |
|
| Details | Domain | 154 | urlscan.io |
|
| Details | Domain | 77 | apple.com |
|
| Details | Domain | 1 | dropbox-er.com |
|
| Details | Domain | 3 | dropbox-download.com |
|
| Details | Domain | 1 | dropbox-en.com |
|
| Details | Domain | 2 | dropbox-eu.com |
|
| Details | Domain | 1 | onedrive-sd.com |
|
| Details | Domain | 1 | onedrive-sn.com |
|
| Details | Domain | 2 | onedrive-sdn.com |
|
| Details | Domain | 1 | onedrive-cdn.com |
|
| Details | Domain | 1 | onedrive-download-en.com |
|
| Details | Domain | 1 | onedrive-download.com |
|
| Details | Domain | 2 | cdn-onedrive-live.com |
|
| Details | Domain | 1 | onedrive-en-live.com |
|
| Details | Domain | 1 | onedrive-fn.com |
|
| Details | Domain | 1 | googledrive-eu.com |
|
| Details | Domain | 1 | googledrive-en.com |
|
| Details | Domain | 1 | googledrive-gb.com |
|
| Details | Domain | 1 | googledrive-download.com |
|
| Details | Domain | 1 | box-en.com |
|
| Details | Domain | 1 | box-cnd.com |
|
| Details | Domain | 2 | onehub.com |
|
| Details | Domain | 1 | own-eu-cloud.com |
|
| Details | Domain | 1 | syncdownloading.com |
|
| Details | Domain | 1 | sync-share.com |
|
| Details | File | 1 | 19.xls |
|
| Details | File | 1 | libdxdiag2.dll |
|
| Details | File | 1 | libdxdiag1.dll |
|
| Details | File | 1 | %temp%\libproject.xlsx |
|
| Details | File | 1 | %temp%\libproject.xsl |
|
| Details | File | 9 | oleobject1.bin |
|
| Details | File | 1 | c:\users\rem\appdata\local\temp\oleobject1.bin |
|
| Details | File | 1 | c:\users\rem\appdata\roaming\microsoft\windows\templates\libdxdiag1.dll |
|
| Details | sha256 | 1 | 6e31b0051adf99888d50d8679c329ffb9b41991e04d8b639cc01f13e5f46656f |
|
| Details | Url | 1 | https://dl2.dropbox-er.com/?bsofw |
|
| Details | Url | 1 | https://urlscan.io/search/#domain: |