So ... if you have main domain from #TA505 TTPs and want to download the dropper file from actual subdomain , following is the method
So, found 2 TTPs today from twitter
But, subdomains are not there. Without disturbing the poster, goto https://[DOMAIN]
It will show you a certificate error page. Click on Advanced .
Following section will open , click on View Certificate.
![](https://krishnendu.com/content/images/2020/06/2020-06-16-11_10_17-.png)
Now you can see subdomain names which are distributing the actual dropper files.
![](https://krishnendu.com/content/images/2020/06/Annotation-2020-06-16-111134.png)
Now use that subdomain and add /download.php at end to download actual dropper excel file.