PULSE NAME: OneNote Documents Increasingly Used to Deliver Malware | Proofpoint US
WHITE | CyberHunter_NL | 2023-02-02 | Modified: 2023-03-04
94 IOCs | HIGH VOLUME
Find out more about Proofpoint and how to protect your people, data and brand from the latest cyber threats and security threats at a wide range of sites.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
XWorm, Quasar, BEC, AsyncRAT, DOUBLEBACK, OneNote, Qbot
Indicators of Compromise (94)