OneDrive Pastejacking: The crafty phishing and downloader campaign

    Date: 07/30/2024

    Severity: High 

    Summary

    The campaign presents the victim with a page that claims a DNS problem is blocking access to a shared Microsoft OneDrive file and offers a button to fix it. The "fix" is the pastejacking step: the page places a command on the user's clipboard and instructs them to paste and run it, so the victim executes the attacker's command by hand. That command acts as a downloader for the next stage. The social engineering relies on the victim's urgency to open the document and the appeal of a one-click repair.

    Indicators of Compromise (IOC) List

        Domains / URLs

    https://kostumn1.ilabserver.com

    ilabserver.com

    kostumn1.ilabserver.com

        Hashes (MD5)

    04cdff477585cb0747ecd20052f03c2e
    0852c3e7903dd3b1db6a6b232c33a25a
    0e36cf2719295596da0c7ef10b11df15
    1152103edc64ddee7ea4e07cd5dd78ae
    1eda7707ef4e03f0b1ab6b6fb96757a6
    1ff108f1bfb39b21db5f1d4f7ad56bf2
    2df579460a76631836d108578af4caa5
    30997b5e63297c58c4f9fe73c8c200ac
    328110e6c36cd70edac6bea395c40b18
    363b4f9fdb1e2a5926037b207caecfe5
    404bd47f17d482e139e64d0106b8888d
    4341f0372eda93afce82908014f420d9
    55cf60a640fc773a7c38de9c5e44da30
    7133ae7dd452aa6469c85e236a59159e
    763d557c3e4c57f7d6132a444a930386
    7f5c82eadbaadec6ba2b004fbafa9a31
    96bb795d111717109fac22f8433c7e27
    b183269587055f35cb23d2d33ff3f5fa
    c56b5f0201a3b3de53e561fe76912bfd
    cac3c4005f952293b38302199494759a
    cf16271bfe826db5ef0c1a67433a619f
    d0ad617ed1812822eebc9592d49a575c
    d524addd18d8014d72abb9dd172e782d
    d6faa6bd1732517f260d94feb3cdbfc2
    deaf955bbf5d66db200e366ae3563eab
    dfa96717b69fa69d264a60b9de36f078
    e0768bce522927eb89f74750e09f2a1c
    eed2174f5b87d58b1b0baea0e509e141
    ef082ddcbf5c94f1da1d2026d36b6b3f
    ef9d05bb8a24bec1d94123c90b1268bb
    fca4c1908da892161bbf09f1437dade7

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

      Domains / URLs

    userdomainname like "kostumn1.ilabserver.com" or url like "kostumn1.ilabserver.com" or userdomainname like "https://kostumn1.ilabserver.com" or url like "https://kostumn1.ilabserver.com" or userdomainname like "ilabserver.com" or url like "ilabserver.com"

          Hashes (MD5)

    md5hash IN ("dfa96717b69fa69d264a60b9de36f078","0e36cf2719295596da0c7ef10b11df15","1152103edc64ddee7ea4e07cd5dd78ae","328110e6c36cd70edac6bea395c40b18","55cf60a640fc773a7c38de9c5e44da30","1ff108f1bfb39b21db5f1d4f7ad56bf2","363b4f9fdb1e2a5926037b207caecfe5","eed2174f5b87d58b1b0baea0e509e141","04cdff477585cb0747ecd20052f03c2e","d6faa6bd1732517f260d94feb3cdbfc2","deaf955bbf5d66db200e366ae3563eab","1eda7707ef4e03f0b1ab6b6fb96757a6","c56b5f0201a3b3de53e561fe76912bfd","7f5c82eadbaadec6ba2b004fbafa9a31","404bd47f17d482e139e64d0106b8888d","cf16271bfe826db5ef0c1a67433a619f","30997b5e63297c58c4f9fe73c8c200ac","e0768bce522927eb89f74750e09f2a1c","7133ae7dd452aa6469c85e236a59159e","2df579460a76631836d108578af4caa5","d524addd18d8014d72abb9dd172e782d","ef082ddcbf5c94f1da1d2026d36b6b3f","4341f0372eda93afce82908014f420d9","fca4c1908da892161bbf09f1437dade7","b183269587055f35cb23d2d33ff3f5fa","d0ad617ed1812822eebc9592d49a575c","ef9d05bb8a24bec1d94123c90b1268bb","96bb795d111717109fac22f8433c7e27","cac3c4005f952293b38302199494759a","0852c3e7903dd3b1db6a6b232c33a25a","763d557c3e4c57f7d6132a444a930386")
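    For teams that do not run Gurucul TDIR, the same indicators can be checked offline. The following is an added example, not part of this advisory and not Gurucul's or Trellix's code: a small Python matcher that applies the domain and MD5 indicators above to log events carrying the same field names the queries use (url, userdomainname, md5hash). It matches domains on label boundaries, so the bare ilabserver.com term covers every subdomain without also hitting an unrelated host that merely contains that string (which a wildcard substring match would accept), and it case-folds hashes before lookup. Only a subset of the MD5 list is embedded; the sample events are constructed for the demo.

```python
"""Offline matcher for the domain and MD5 indicators in this advisory.

Added example: this is not part of the advisory and not Gurucul's TDIR
code. Field names (url, userdomainname, md5hash) follow the queries above;
the sample events at the bottom are constructed for the demo.
"""
import hashlib
from urllib.parse import urlsplit

# Domains from the IOC list. The registered domain already covers every
# subdomain, so kostumn1.ilabserver.com is kept only for explicit reporting.
IOC_DOMAINS = {"ilabserver.com", "kostumn1.ilabserver.com"}

# Subset of the advisory's MD5 list; load the full list in production.
IOC_MD5 = {
    "04cdff477585cb0747ecd20052f03c2e",
    "0852c3e7903dd3b1db6a6b232c33a25a",
    "dfa96717b69fa69d264a60b9de36f078",
    "fca4c1908da892161bbf09f1437dade7",
}


def normalize_host(value: str) -> str:
    """Return the lowercase hostname from a bare domain or a full URL."""
    value = value.strip()
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        # Drop a path or port that was logged together with the domain.
        host = value.split("/", 1)[0].split(":", 1)[0]
    return host.lower().rstrip(".")


def matching_domain(value: str, iocs=IOC_DOMAINS):
    """Return the most specific IOC domain that value equals or sits under.

    Matching on label boundaries means notilabserver.com does not hit
    ilabserver.com, which a plain substring match would accept.
    """
    host = normalize_host(value)
    for ioc in sorted(iocs, key=len, reverse=True):
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def naive_substring_match(value: str, iocs=IOC_DOMAINS) -> bool:
    """Substring matching as a wildcard LIKE would do it; shown for contrast."""
    value = value.lower()
    return any(ioc in value for ioc in iocs)


def matching_hash(value: str, iocs=IOC_MD5):
    """Case-insensitive MD5 lookup; returns the normalized hash or None."""
    digest = value.strip().lower()
    return digest if digest in iocs else None


def md5_of(data: bytes) -> str:
    """MD5 of a recovered file's bytes, in the form the IOC list uses."""
    return hashlib.md5(data).hexdigest()


def scan_events(events):
    """Return (event index, field, indicator) for every IOC hit in events."""
    hits = []
    for i, ev in enumerate(events):
        for field in ("url", "userdomainname"):
            if field in ev:
                ioc = matching_domain(ev[field])
                if ioc:
                    hits.append((i, field, ioc))
        if "md5hash" in ev:
            ioc = matching_hash(ev["md5hash"])
            if ioc:
                hits.append((i, "md5hash", ioc))
    return hits


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"url": "https://kostumn1.ilabserver.com/fix.html"},           # hit: exact
    {"userdomainname": "cdn.ilabserver.com"},                      # hit: subdomain
    {"userdomainname": "notilabserver.com"},                       # no hit
    {"md5hash": "DFA96717B69FA69D264A60B9DE36F078"},               # hit: case-folded
    {"url": "https://onedrive.live.com/", "md5hash": md5_of(b"")},  # no hit
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print("hit:", hit)
```

    Run it as a script to see the three hits, or import it and call scan_events over events exported from proxy, DNS and EDR telemetry. The boundary check in matching_domain is the point of the example: a SIEM term such as like "ilabserver.com", if it is evaluated as a substring match, will also flag hosts like notilabserver.com, whereas the suffix test only accepts the registered domain and its subdomains.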

    Reference:

    https://www.trellix.com/blogs/research/onedrive-pastejacking/ 
