PULSE NAME
OneNote Documents Increasingly Used to Deliver Malware | Proofpoint US
WHITE CyberHunter_NL 2023-02-02 Modified: 2023-03-04
94 IOCs
HIGH VOLUME
Find out more about Proofpoint and how to protect your people, data and brand from the latest cyber threats and security threats at a wide range of sites.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
XWorm, Quasar, BEC, AsyncRAT, DOUBLEBACK, OneNote, Qbot
Indicators of Compromise (40 / 94 total)