Resubmissions

20-11-2024 18:03

241120-wneyksvpcl 7

20-11-2024 17:42

241120-v99jmszqbz 7

20-11-2024 17:38

241120-v77l9svlhl 7

General

  • Target

    https://secure-web.cisco.com/1YnI6qkhd5GXSkZfZd7WDhVASwUGo4NlSsxzSYIqcF41o8n61pr6FC4SYTa0lDJkhz8jkuMmtnOICFw6udyMC2x8SXpodMh7WcWGCq3xoYUdroAj-Sot9mIF2aNqiGIBJa7MZ_iUpumSn362yJxHxN5g3J3yUWXGjbPsmte9DfNWaLzmrqJVG62mnz_LQ1ThzWP1vDBLWCetR9rH46MElZ7lSp7k4c_V3nR1w45ii_rIEm3GHE3FVW5XAS-XBCtMPAELxfRkuwWtu0QPMqk1RsJLeZrX4IdQYHZLkTCa3Ac_jFJnM8PPskjgYBWJzph3jt1GFEwhv6ItP7MlH_D6eeA/https%3A%2F%2Fapp.box.com%2Fs%2F25nmxk3r6x8jjf97l5nt9o7by0khdb7l

  • Sample

    241120-v99jmszqbz

Malware Config

Targets

    • Target

      https://secure-web.cisco.com/1YnI6qkhd5GXSkZfZd7WDhVASwUGo4NlSsxzSYIqcF41o8n61pr6FC4SYTa0lDJkhz8jkuMmtnOICFw6udyMC2x8SXpodMh7WcWGCq3xoYUdroAj-Sot9mIF2aNqiGIBJa7MZ_iUpumSn362yJxHxN5g3J3yUWXGjbPsmte9DfNWaLzmrqJVG62mnz_LQ1ThzWP1vDBLWCetR9rH46MElZ7lSp7k4c_V3nR1w45ii_rIEm3GHE3FVW5XAS-XBCtMPAELxfRkuwWtu0QPMqk1RsJLeZrX4IdQYHZLkTCa3Ac_jFJnM8PPskjgYBWJzph3jt1GFEwhv6ItP7MlH_D6eeA/https%3A%2F%2Fapp.box.com%2Fs%2F25nmxk3r6x8jjf97l5nt9o7by0khdb7l

    • A potential corporate email address has been identified in the URL: image_loading@2x_fd2a63790bc01d48.min.gif

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Detected potential entity reuse from brand MICROSOFT.

MITRE ATT&CK Enterprise v15

Tasks