Max_Malyutin on Twitter:

"#Emotet Weaponized OneNote Infection #TTP 🚨
Exec Flow #DFIR: OneNote.exe > Wscript.exe > Regsvr32.exe
[+] VBScript T1059.005: .wsf (download and exec DLL loader)
[+] Regsvr32 T1218.010: DLL loader exec from OneNote Exported path
C2: 91.121.146[.]47 Port:8080
https://t.co/fHxr86AlUc"

https://twitter.com/Max_Mal_/status/1636142019490766848?s=20
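
A minimal detection for the execution flow in the post, as an added example that is not part of the original tweet: it walks parent/child links in process-creation events and alerts when a Regsvr32.exe process has Wscript.exe as parent and OneNote.exe as grandparent. The event field names, the sample events and the export-path markers are constructed assumptions.

```python
import ntpath

# Parent-first process chain named in the post.
CHAIN = ("onenote.exe", "wscript.exe", "regsvr32.exe")
# Assumption: files opened from a notebook land under ...\OneNote\<version>\Exported\...
EXPORT_MARKERS = ("\\onenote\\", "\\exported\\")

def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(path).lower()

def lineage(event, by_pid, depth):
    """Image names of the event and its ancestors, oldest first, at most `depth` long."""
    names, seen, cur = [], set(), event
    while cur is not None and len(names) < depth and cur["pid"] not in seen:
        seen.add(cur["pid"])  # guards against ppid loops in bad data
        names.append(image_name(cur["image"]))
        cur = by_pid.get(cur["ppid"])
    return tuple(reversed(names))

def detect(events):
    """Alert on every regsvr32.exe whose parent and grandparent complete CHAIN."""
    by_pid = {e["pid"]: e for e in events}  # simplification: no PID reuse in the window
    alerts = []
    for e in events:
        if image_name(e["image"]) != CHAIN[-1]:
            continue
        if lineage(e, by_pid, len(CHAIN)) != CHAIN:
            continue
        cmd = e["command_line"].lower()
        alerts.append({
            "pid": e["pid"],
            "chain": " > ".join(CHAIN),
            "dll_from_export_path": all(m in cmd for m in EXPORT_MARKERS),
        })
    return alerts

# Constructed process-creation events (Sysmon Event ID 1 style fields); all paths are placeholders.
EXPORT_DIR = r"C:\Users\user\AppData\Local\Temp\OneNote\16.0\Exported\PLACEHOLDER\NT\0"
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "command_line": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Office\ONENOTE.EXE", "command_line": "ONENOTE.EXE sample.one"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\WScript.exe", "command_line": "WScript.exe " + EXPORT_DIR + r"\click.wsf"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\regsvr32.exe", "command_line": "regsvr32.exe " + EXPORT_DIR + r"\sample.dll"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\regsvr32.exe", "command_line": r"regsvr32.exe /s C:\Windows\System32\example.dll"},
]

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The regsvr32.exe started from explorer.exe (pid 500) is not flagged, since only the full three-process lineage matches.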