#malware 2ed12bb3b6a6f6af26010e258b52f10b desglose.docx Template Injection -> http://194.36.190[.]41:8000/template.dotm w/macro (fd73fbc3f67f412b749501835e40ee44) Drops exe C:\Windows\Temp\tex_doc.pdf (f6c08c1c6c4d4e889de8b18510102f4d) Internal name of "sharp_RunDLLDonut.dll"

#malware #Gamaredon f69122c6f70990f75dc0886f0befaf5e План СПА на 2020 рік.docx Template Injection - > http://raggina[.]space/BC855646D052/spool/boot/aCxBBz.dot

#malware COVID_19_Result.zip (c8dba24e5550cbbea350776067d270db) Contains Document_Password.xml_;.lnk ( a9e1dde21d8ed9473aef11fb36421a9f) which launches License.vbs (902d0d515a5a3b687e5e7fdc62bb6f58) Comms to speedtestofwifi[.]com (104.26.14[.]17) app.any.run/tasks/a67d0b4b…

#APT #Gamaredon arhiv.rar (75ae7cde900541d2ebd9fd8c8032d9c8) containing Microsoft Word Document.docx.lnk (7227d052bd1e4a00b8a3ba32e2ac7cd2) mshta -> email-gov[.]site/encouragement/updates.html (195.161.114[.]130) app.any.run/tasks/ca666b4c…

#APT #Gamaredon (b059248480fe52bb07296d0b67ffaf88) arhiv.rar containing Microsoft Word Document.docx.lnk (aefc6e9a78a78fcde75a1fd64e6c0c61) mshta -> email-gov[.]site/puzzled/updates.html

#malware #lnk COVID_19_Test_Result.zip Containing LNK (Password_Document.xml_;.lnk) that launches pass.vbs (b73cfb56875355db0cea8b3b0b251a2f) C2: transfermychoice[.]com (129.146.45[.]144)

#malware Call-for-Proposal-DGSP-COAS-Chair-Excellance[.]zip Containing #lnk 261fa3263efc672ed853c7b327b64d70 mshta -> iiieyehealth[.]com Drops winidr.exe (76f427732d65127b631822e84158fab3) C2 http://161.97.142[.]96/htt_p app.any.run/tasks/1e78d9b8…

#malware rtf template injection IDEAS 2022.doc - 35eadf808d958c01bd4b6b18a3ade34e Template -> http://log[.]bookservices[.]xyz/Ods9Z6420zj7Y9H3/OsVoOaari3CP2x4i.php

#malware #DOUBLEBACK c41e2c2cc5843cedd79162c73787d4de XOR key for config: 0x000001bf C2: https://greeklife242[.]com/admin8/client.php https://cdnprojects[.]net/admin8/client.php