all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Be aware of the new malicious OneNote campaign!

Add to bookmarks
Nov. 3, 2023, 9:49 a.m. | /u/arieldavidpur

cybersecurity www.reddit.com

A new malicious OneNote campaign contains two malicious payloads:

1. Powershell script - Creating a WebClient to access the C2 with Empire User-Agent and then getting the malicious payload encrypted with RC4.

2. Batch file - Creating an LNK file and running it with Wscript.Shell command and then drop a remote EXE file and execute it using conhost.exe



IOCs:

34\[.\]159\[.\]33\[.\]139 (Google Cloud)

167\[.\]235\[.\]247\[.\]158

hxxps://botfusion1-8f4913f37609\[.\]herokuapp\[.\]com/331736/voicemail4\[.\]ex\_

b297041a66ff6e4cd884a33e7600478f529bc88f6105e5a81bd9f177eaf18a5e

2944991319bdce514a8313db92f195200fc9568afba4059f5cc315aa0e9a6713

15F5CE97C44E17D9C094D0DE6C8CAB95331F485F352BC298F1561761FF1705C6

7670970292647266783fd0006663746e1d448043fc1c4aba0927c3afd9d331b0

4f9b3d45cf05f70371b9a27ae0af7fc1f75b8aad4dc9fa87f44988716e355c33

2be7bee6f5c5c8b6b54cedeef908154316a6f924a7c90f8b9c07cd26d68fbcca



\#onenote #malwareanalysis #malware #cybersecurity #emailsecurity #browsersecurity #websecurity #googlecloudplatform Microsoft #sliver …

access agent aware batch campaign command cybersecurity empire encrypted file lnk lnk file malicious onenote payload powershell powershell script rc4 running script shell user-agent

Visit resource

More from www.reddit.com / cybersecurity

NSA security designer goes to jail for sharing top secret files 4 hours ago | www.reddit.com
cybersecurity designer files goes +7
Thousands of Airsoft players under threat after data breach 4 hours ago | www.reddit.com
breach cybersecurity data data breach +3
Hackers of all kinds are attacking routers across the world | TechRadar 5 hours ago | www.reddit.com
cybersecurity hackers routers world
🤣 Ivanti is hiring an Offensive Security Engineer 6 hours ago | www.reddit.com
assessment cybersecurity old team +3
Migrating to Australia as a cybersecurity consultant 8 hours ago | www.reddit.com
australia clients consultant cybersecurity +11
Why is an entry level job so hard to get? 10 hours ago | www.reddit.com
automatic cybersecurity don down +7
REvil hacker behind Kaseya ransomware attack gets 13 years in prison 12 hours ago | www.reddit.com
cybersecurity
Veza releases the "State of Access" report based on 1.2B permissions 12 hours ago | www.reddit.com
access cybersecurity permissions releases +3
From S3 bucket to internal network operation 13 hours ago | www.reddit.com
cybersecurity internal internal network network +1

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Cloud Security Analyst

@ Cloud Peritus | Bengaluru, India
View on infosec-jobs.com

Cyber Program Manager - CISO- United States – Remote

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
View on infosec-jobs.com

Network Security Engineer (AEGIS)

@ Peraton | Virginia Beach, VA, United States
View on infosec-jobs.com

SC2022-002065 Cyber Security Incident Responder (NS) - MON 13 May

@ EMW, Inc. | Mons, Wallonia, Belgium
View on infosec-jobs.com

Information Systems Security Engineer

@ Booz Allen Hamilton | USA, GA, Warner Robins (300 Park Pl Dr)
View on infosec-jobs.com
View more jobs