- #IOC #OptiData #VR #hz #xml_rels
- https://pastebin.com/NqSr9aMd
- FAQ:
- attack_vector
- --------------
- email attach .docx > .xml.rels > GET a.uchi{.} moe/zmxyor.doc > 404
- email_headers
- --------------
- Received: from xdtoilet.gq ([103.89.88.69])
- by srv8.victim1.com for <user0@org7.victim1.com>;
- Fri, 21 Dec 2018 07:28:03 +0200 (EET)
- (envelope-from asherc@xdtoilet.gq)
- Reply-To: info4@xdtoilet.com
- From: Asher Clif <asherc@xdtoilet.gq>
- To: user0@org7.victim1.com
- Subject: Enquiry
- Date: 21 Dec 2018 13:19:03 -0800
- Disposition-Notification-To: darrenmaurice00@gmail.com
- files
- --------------
- SHA-256 c80651ca9cd9d3a73371453684a6ee4bd46df23832c808668f7dd38fb87fa444
- File name SAMPLE23142.docx
- File size 11.76 KB
- activity
- **************
- SAMPLE23142/word/_rels/document.xml.rels
- https://a.uchi{.} moe/zmxyor.doc
- netwrk
- --------------
- n/a
- comp
- --------------
- WINWORD.EXE 1728 104.27.173.56 443 ESTABLISHED
- proc
- --------------
- n/a
- persist
- --------------
- n/a
- drop
- --------------
- n/a
- # # #
- https://www.virustotal.com/#/file/c80651ca9cd9d3a73371453684a6ee4bd46df23832c808668f7dd38fb87fa444/details
- https://www.virustotal.com/#/url/52683581774bbd6da0e628ddf065524300bcd527c94efb0a33709c3aaf8fcc35/details
- VR