← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Credit Tr1sa111- "Operation WordDrone" usernote: 22 clicks to clone
WHITE msudosos 2026-04-30 Modified: 2026-05-30
27
IOCs
MEDIUM VOLUME
taiwanwinwordcommandexample codedigiwinmicrosoft wordntdllhttphttpswebsocketaprilconceptprocdumpvirustotalinstallertargetaugustclientendpoint.dll main
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Digiwin ClientEndPoint.dll Main
Indicators of Compromise (27)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname IPv4
TYPEINDICATORDESCRIPTIONCREATED
CVE CVE-2024-40521 2026-04-30
FileHash-MD5 15e52f52ed2b8ed122fae897119687c4 MD5 of 8cfb55087fa8e4c1e7bcc580d767cf2c884c1b8c890ad240c1e7009810af6736 2026-04-30
FileHash-MD5 26ff6fac8ac83ece36b95442f5bb81ce MD5 of 19bbc2daa05a0e932d72ecfa4e08282aa4a27becaabad03b8fc18bb85d37743a 2026-04-30
FileHash-SHA1 6ab0e2ede4e0968eae2bdc63864971054a534f7b SHA1 of 19bbc2daa05a0e932d72ecfa4e08282aa4a27becaabad03b8fc18bb85d37743a 2026-04-30
FileHash-SHA1 6da5a78f57fcc9e00e76d6c6ae0461a291653cc0 2026-04-30
FileHash-SHA1 6e35ae1d5b6f192109d7a752acd939f5ca2b97a6 SHA1 of 8cfb55087fa8e4c1e7bcc580d767cf2c884c1b8c890ad240c1e7009810af6736 2026-04-30
FileHash-SHA256 19bbc2daa05a0e932d72ecfa4e08282aa4a27becaabad03b8fc18bb85d37743a 2026-04-30
FileHash-SHA256 21e6a198f98ba960e073bab6c9a4f0384a938d0ac7535d7f16b5935b5bbdfa61 2026-04-30
FileHash-SHA256 35bd7839a815d65604f3ca85a3c473266c31779946728b9a14dc6020f0b707ac 2026-04-30
FileHash-SHA256 517522c3ad24f48ed54094df2a800f2dab3270f2b026febec9eb9728c45dee5c 2026-04-30
FileHash-SHA256 7401e1fd539a219ef3708c9b4a9dac17efe42052b5032986c6d8dfd5a6836e14 2026-04-30
FileHash-SHA256 74096848382ffb86a5ff0c7811b9867ad97f83d3f406b2c5aa9f357e1619fe21 2026-04-30
FileHash-SHA256 8cfb55087fa8e4c1e7bcc580d767cf2c884c1b8c890ad240c1e7009810af6736 2026-04-30
FileHash-SHA256 a8cc9a58e0ce2be1b238867043ba846da75c4279ea201956e0ad70914b3d9f43 2026-04-30
FileHash-SHA256 d6bedad375c34999966c84dd56350961c5a99cfa89b0cd5e10aaba737d3b451f 2026-04-30
FileHash-SHA256 d8d6dcb17ea0be642c2aef7ee7164a69cd0da1824c138fdb9e931f54cbe5c121 2026-04-30
FileHash-SHA256 d9531e53036c5d04fbe7d1aeae2988c3bf0fdec63774690c5df70cc121af8de4 2026-04-30
FileHash-SHA256 dbed5812f7dbf8ff2276f896ba2ad6b1c206c2cf2569667348c7f47048032e65 2026-04-30
FileHash-SHA256 f13869390dda83d40960d4f8a6b438c5c4cd31b4d25def7726c2809ddc573dc7 2026-04-30
FileHash-SHA256 f3897381b9a4723b5f1f621632b1d83d889721535f544a6c0f5b83f6ea3e50b3 2026-04-30
URL http://es-update.digiwin.com/full/ServiceCloudButler/ 2026-04-30
domain microsoftsvc.com 2026-04-30
hostname es-update.digiwin.com 2026-04-30
hostname server.microsoftsvc.com 2026-04-30
hostname time.vmwaresync.com 2026-04-30
domain acceptable-use-policy-calendly.de 2026-05-08
IPv4 91.92.242.30 2026-05-12
References (1)
↗ https://www.acronis.com/en-us/cyber-protection-center/posts/operation-worddrone-drone-manufacturers-are-being-targeted-in-taiwan/