General
-
Target
https://substrate.office.com/sts/%22,%22aud%22:%22https://outlookimageproxy.azurewebsites.net%22,%22ssec%22:%22C5zQeOIal8AlLlt2%22%7D%EF%BF%BDXF%EF%BF%BD%EF%BF%BDy%EF%BF%BD%3Ch%22%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%0E%EF%BF%BD%EF%BF%BD%C9%B352%22%D2%9D*%22%EF%BF%BD%EF%BF%BD~G%EF%BF%BD%EF%BF%BD;%EF%BF%BD%EF%BF%BD%151%EF%BF%BD+jF%EF%BF%BD%EF%BF%BD%EF%BF%BD&cf%EF%BF%BDuAf%EF%BF%BD%EF%BF%BD%06%EF%BF%BD%16%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%1E%1D(k8vt%EF%BF%BD%EF%BF%BDw%EF%BF%BDk%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BDzI3%EF%BF%BD%D3%B5%EF%BF%BDT%EF%BF%BD~%EF%BF%BD3%EF%BF%BD%19%16%EF%BF%BDH8%EF%BF%BD%25%C5%A58%EF%BF%BD@%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD1%5E%EF%BF%BD%EF%BF%BDO%EF%BF%BD%EF%BF%BD%3E%EF%BF%BD%EF%BF%BD%EF%BF%BD%19%EF%BF%BD%1F)W%EF%BF%BDl%EF%BF%BD(%EF%BF%BD%3EH%7B%EF%BF%BD_%EF%BF%BD4%EF%BF%BD%25g%EF%BF%BD3%0F%EF%BF%BD%EF%BF%BD%22%EF%BF%BD%EF%BF%BD%17%EF%BF%BD%EF%BF%BD%EF%BF%BD;#%1A%0E%EF%BF%BDaG%EF%BF%BD%7D2%EF%BF%BDK%EF%BF%BD%EF%BF%BD%01%EF%BF%BD%EF%BF%BDq%EF%BF%BD%EF%BF%BD!%EF%BF%BD%EF%BF%BD%D4%91'r%1C%07%EF%BF%BDt%19:%EF%BF%BDb%EF%BF%BD%EF%BF%BDT%EF%BF%BDF%EF%BF%BDJ%D1%BE%1DP%EF%BF%BD%20%3C%EF%BF%BDD9%EF%BF%BD%EF%BF%BD%EF%BF%BDD%EF%BF%BD#%EF%BF%BDi%EF%BF%BD%E7%97%94C%EF%BF%BDya7%EF%BF%BD%07L%EF%BF%BD'%EF%BF%BD%EF%BF%BD%25%18M%EF%BF%BD%EF%BF%BD%EF%BF%BD%D2%A0%EF%BF%BD%EF%BF%BD*A_%EF%BF%BD%04%EF%BF%BD%EF%BF%BD%3C4U%14%EF%BF%BDy%EF%BF%BD#
Malware Config
Signatures
-
A potential corporate email address has been identified in the URL: outlookimageproxy.azurewebsites.netssecC5zQeOIal8AlLlt2XFyh52G1jFcfuAfk8vtwkzI3T3H88@1OWlH4g3