Top Tweets for #oleObject
Seems #rtf is loaded by another malicious #doc (external #oleObject #Relationship)
-> /bitly.com/2uIzlx4 (/michiganpppp.com/work/doc/3.doc)
example: https://t.co/AhLwIdligl

#docx has external #Relationship (with type #oleObject) -> #rtf (/idontknow.moe/files/ptceg.doc) -> #exploit -> #pe (/ecuadortrust.org.uk/images/two/dew008.exe) -> #c2 (/zenshinonline.ru/dew8/fre.php)
#rtf
https://t.co/PxWmckMPUL

Interesting #malicious #pdf (in #ACSII format) dumps & launches #docx. docx has an external #Relationship with type #oleObject (/pomf.pyonpyon.moe/lhvazm.doc) -> #rtf file has embedded #OLE obj (#Exploit)
to understand pdf part read: https://t.co/Bg1RMXyZg1 by @DidierStevens

#pptx (ppt\slides\_rels\slide1.xml.rels) contains #external #relationship with type #oleObject (url encoded string) -> #hta (/secured.eroea.com/plugin.hta) -> #NET (/secured.eroea.com/wealth.123)

#docx (external #relationship [type #oleObject]) -> #rtf contains #ole object (#exploit EQNEDT32)
https://t.co/x5nnhKFtR6
rtf: hxxp://i876edw4e5f6tg78hy9tg7r6ftgiy8.erlivia.ltd/update.wbk
@decalage2 please check the rtf, manually extracted ole is fine.
![DissectMalware's tweet photo. #docx (external #relationship [type #oleObject]) -> #rtf contains #ole object (#exploit EQNEDT32)
https://t.co/x5nnhKFtR6
rtf: hxxp://i876edw4e5f6tg78hy9tg7r6ftgiy8.erlivia.ltd/update.wbk
@decalage2 please check the rtf, manually extracted ole is fine. https://t.co/bAPrPeULiW](https://pbs.twimg.com/media/DbcmQDcWsAE7ETj.jpg)
complex #malware: #docx (external #Relationshop - type #oleObject) -> #rtf contains 10 #ole -> each has #package (#xlsx) -> #vba macro dls #vbs -> #powershell->#NET. It compiles embedded c# code, dynamically invokes. The code decrypts data stored as a #resource and calls it

#multi #stage: #docx contains external #Relationship elm (#oleObject) -> #rtf doc contains #ole obj --> execs #mshta to dl/exec #hta (#exploit) -> #vbscript runs #powershell to dl #PE file
(All external files are hosted on amazon #aws #s3 @AWS_Security)
https://t.co/p91t424WZL

"How to create an ole .bin". Simple question, no answer. This is why everyone hates Micosoft. #OLEObject #CompoundFileBinaryFormat
Last Seen Hashtags on Sotwe
Aznight
Seen from Canada
nolimit teenagegirls
Seen from Turkey
sislitravesti
Seen from Turkey
junglebunny
Seen from Netherlands
Ixlii
Seen from Singapore
Sklave
Seen from Germany
incest indian
Seen from India
مشاهير_تانجو_لايف
Seen from Qatar
RETWEEET
Seen from Egypt
nolimit filter:videos
Seen from United States
Most Popular Users

Elon Musk 
@elonmusk
240.8M followers

Barack Obama 
@barackobama
119.2M followers

Donald J. Trump 
@realdonaldtrump
111.7M followers

Cristiano Ronaldo 
@cristiano
111.1M followers

Narendra Modi 
@narendramodi
107M followers

Rihanna 
@rihanna
97.8M followers

NASA 
@nasa
92.2M followers

Justin Bieber 
@justinbieber
91M followers

KATY PERRY 
@katyperry
87.9M followers

Taylor Swift 
@taylorswift13
81.8M followers

Lady Gaga 
@ladygaga
73.3M followers

Virat Kohli 
@imvkohli
70.3M followers

Kim Kardashian 
@kimkardashian
69.9M followers

YouTube 
@youtube
68.7M followers

Bill Gates 
@billgates
64M followers

Neymar Jr 
@neymarjr
63.1M followers

The Ellen Show
@theellenshow
62.4M followers

CNN 
@cnn
61.9M followers

Selena Gomez 
@selenagomez
61M followers

X 
@x
60.8M followers






![DissectMalware's tweet photo. #docx (external #relationship [type #oleObject]) -> #rtf contains #ole object (#exploit EQNEDT32)
https://t.co/x5nnhKFtR6
rtf: hxxp://i876edw4e5f6tg78hy9tg7r6ftgiy8.erlivia.ltd/update.wbk
@decalage2 please check the rtf, manually extracted ole is fine. https://t.co/bAPrPeULiW](https://pbs.twimg.com/media/DbcltDfXcAEqQD7.jpg)
![DissectMalware's tweet photo. #docx (external #relationship [type #oleObject]) -> #rtf contains #ole object (#exploit EQNEDT32)
https://t.co/x5nnhKFtR6
rtf: hxxp://i876edw4e5f6tg78hy9tg7r6ftgiy8.erlivia.ltd/update.wbk
@decalage2 please check the rtf, manually extracted ole is fine. https://t.co/bAPrPeULiW](https://pbs.twimg.com/media/Dbclm-2XUAI_-rX.jpg)




