otx.alienvault.com
143.204.98.80  Public Scan

URL: https://otx.alienvault.com/pulse/6193e3f5b119e561c52ed3ba?scan=1&utm_userid=swimlanecyou&utm_medium=inproduct&utm_source=ot...
Submission: On November 16 via api from US — Scanned from DE

Text Content

OFFICE DOCUMENTS: MAY THE XLL TECHNIQUE CHANGE THE THREAT LANDSCAPE IN 2022?

   
 * Created 32 minutes ago by AlienVault
 * Public
 * TLP: White

In recent months, security researchers have closely monitored several attack
waves adopting a new delivery technique: binary libraries loaded directly by
Microsoft Excel with a single click. This emerging delivery technique
leverages XLL files, a particular file type containing a Microsoft Excel
application ready to be loaded.

Reference: https://yoroi.company/research/office-documents-may-the-xll-technique-change-the-threat-landscape-in-2022/
Tags: xll, office document, discord
Malware Families: Backdoor:MSIL/AgentTesla, Dridex - S0384, Formbook
Att&ck IDs: T1055.001 - Dynamic-link Library Injection, T1137.001 - Office Template Macros

 * Indicators of Compromise (17)
 * Related Pulses (1)
 * Comments (0)
 * History (0)

FileHash-MD5 (3), email (2), FileHash-SHA1 (3), Domain (1), FileHash-SHA256 (7), URL (1)

TYPES OF INDICATORS
