a86f7bf6fe1eab25c877fdc745a8b696ac86efe145fa42adadbb164f5517ada3

Sharing

Copy URL

Twitter E-mail

General

Target

a86f7bf6fe1eab25c877fdc745a8b696ac86efe145fa42adadbb164f5517ada3
Size

1.3MB
MD5

8622e712ef414b421cd6422c8c959f86
SHA1

d168dbc45f71ca23de3888c54720240c3f3a0649
SHA256

a86f7bf6fe1eab25c877fdc745a8b696ac86efe145fa42adadbb164f5517ada3
SHA512

c1a741ba5fca7a40da109b9da78177532b15e55e5b6fc0965191e3aa2bc1d12bcdf94642516276c44036f2fa4ce686f5b6db92cdfd851551081ad7032b3343e4
SSDEEP

24576:m2l0y3O3kiC8ONX3IDsV5GS1qt3jEHVgvYbFAG9+KydT6bPW:iy3YCVV3I3gHioF59MujW

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
pdf link

Processes:

resource yara_rule

sample pdf_with_link_action
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

resource	yara_rule
sample	pdf_with_link_action

Files

a86f7bf6fe1eab25c877fdc745a8b696ac86efe145fa42adadbb164f5517ada3
.pdf
- https://github.com/apthunting/APT-Hunter
- https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdfhttps://github.com/mandiant/ShimCacheParserhttp://binaryforay.blogspot.com/2015/05/introducing-appcompatcacheparser.htmlwww.woanware.co.uk/forensics/shimcacheparser.htmlHunting
- http://www.swiftforensics.com/2013/12/amcachehve-in-windows-8-goldmine-for.htmlhttps://github.com/williballenthin/python-registry/blob/master/samples/amcache.pyhttp://binaryforay.blogspot.com/2015/07/amcacheparser-reducing-noise-finding.html13AmCache
- http://journeyintoir.blogspot.in/2013/12/revealing-recentfilecachebcf-file.htmlhttps://github.com/sysforensics/RecentFileCacheParser15RecentFileCache
- http://carnal0wnage.attackresearch.com/2012/04/privilege-escalation-via-sticky-keys.htmlhttp://zachgrace.com/2015/03/23/hunting-sticky-keys-backdoors.htmlhttp://www.crowdstrike.com/blog/registry-analysis-with-crowdresponse/17Sticky
- http://la.trendmicro.com/media/misc/understanding-wmi-malware-research-paper-en.pdfhttps://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdfhttps://dl.mandiant.com/EE/library/MIRcon2014/MIRcon_2014_IR_Track_There%27s_Something_About_WMI.pdfhttps://github.com/PowerShellEmpire/Empire
- https://github.com/PowerShellMafia/PowerSploit
- https://www.secureworks.com/blog/wmi-persistence23WMI
- https://www.trustedsec.com/april-2015/dumping-wdigest-creds-with-meterpreter-mimikatzkiwi-in-windows-8-1https://adsecurity.org/?p=55926WDigest
- https://www.blackhat.com/docs/webcast/09172015-leveraging-proactive-defense-rsa.pdfhttps://github.com/sans-dfir/sift-files/blob/master/scripts/jobparse.pl29Scheduled
- https://digital-forensics.sans.org/media/poster_2014_find_evil.pdfIntrusion
- https://github.com/apthunting/APT-HunterHaoWang:
- Show all