6f543ddaa758214dcd3513fcffc80a133a4bcc6fe463975b081fb7bb31c5b644

Sharing

Copy URL

Twitter E-mail

General

Target

6f543ddaa758214dcd3513fcffc80a133a4bcc6fe463975b081fb7bb31c5b644
Size

2.7MB
MD5

664d09094bc6440acb111af34660b2b5
SHA1

ac486638348753e8b65cbdcd68153f9db31da2db
SHA256

6f543ddaa758214dcd3513fcffc80a133a4bcc6fe463975b081fb7bb31c5b644
SHA512

66d9de1b7d4152436e2945e5e3c1920653c455f413a75a1497fc6bff7bdc9f94f027a7c9284604c3a500ff6bddc25d4993f09a48103cec3dbdf6d4146064d1da
SSDEEP

49152:nyuRiVw40dpnaVL2D20mdsDzylXxfsKcGfNudssWypDOQtF0goZnls:yuRiv0jaVL2D22WdlsxGfAd3pDOWaj+

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
pdf link

Processes:

resource yara_rule

sample pdf_with_link_action
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

resource	yara_rule
sample	pdf_with_link_action

Files

6f543ddaa758214dcd3513fcffc80a133a4bcc6fe463975b081fb7bb31c5b644
.pdf
- https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild
- https://www.bleepingcomputer.com/news/security/actively-exploited-bug-bypasses-authentication-on-millions-of-routers/
- https://blog.cloudflare.com/cloudflare-thwarts-17-2m-rps-ddos-attack-the-largest-ever-reported/
- https://www.bleepingcomputer.com/news/security/http-ddos-attacks-reach-unprecedented-17-million-requests-per-second/
- https://info.varonis.com/saasrisk
- https://www.varonis.com/blog/saas-risk-report/
- https://itwire.com/security/44-of-cloud-privileges-are-misconfigured,-warns-varonis.html
- https://labs.bishopfox.com/tech-blog/youre-doing-iot-rng
- https://duo.com/decipher/fundamental-flaw-in-rngs-affects-many-iot-devices
- https://thehackernews.com/2021/08/a-critical-random-number-generator-flaw.html
- https://www.throughtek.com/please-update-the-sdk-version-to-minimize-the-risk-of-sensitive-information-being-accessed-by-unauthorized-third-party/
- https://us-cert.cisa.gov/ics/advisories/icsa-21-229-01
- https://www.bleepingcomputer.com/news/security/critical-bug-impacting-millions-of-iot-devices-lets-hackers-spy-on-you/
- https://www.theblockcrypto.com/post/114045/at-least-611-million-stolen-in-massive-cross-chain-hack
- https://www.bleepingcomputer.com/news/security/over-600-million-reportedly-stolen-in-cryptocurrency-hack/
- https://twitter.com/Liquid_Global/status/1428176357515612165
- https://www.bleepingcomputer.com/news/security/liquid-cryptocurency-exchange-loses-over-90-million-following-hack/
- https://twitter.com/_jeffnicholas_/status/1430046727843717125
- https://twitter.com/natechastain
- https://www.bleepingcomputer.com/news/security/fake-opensea-support-staff-are-stealing-cryptowallets-and-nfts/
- https://www.cisa.gov/news/2021/08/05/cisa-launches-new-joint-cyber-defense-collaborative
- https://www.bleepingcomputer.com/news/security/cisa-teams-up-with-microsoft-google-amazon-to-fight-ransomware/
- https://www.titanhq.com/blog/the-fake-job-offer-scam-on-linkedin/
- https://www.bleepingcomputer.com/news/security/you-can-post-linkedin-jobs-as-any-employer-so-can-attackers/
- https://gadgets.ndtv.com/apps/news/google-play-protect-android-malware-protection-failed-false-detection-rate-av-test-2497882
- https://itwire.com/guest-articles/google-play-protect-detects-only-31-of-android-stalkerware.html
- https://atlasvpn.com/blog/google-play-protect-detects-only-31-of-android-stalkerware
- https://www.trendmicro.com/en_us/research/21/h/fake-cryptocurrency-mining-apps-trick-victims-into-watching-ads-.html
- https://threatpost.com/bogus-cryptomining-apps-google-play/168785/
- https://blog.zimperium.com/flytrap-android-malware-compromises-thousands-of-facebook-accounts/
- https://www.bleepingcomputer.com/news/security/flytrap-malware-hijacks-thousands-of-facebook-accounts/
- https://threatpost.com/t-mobile-investigates-100m-records/168689/
- https://www.bleepingcomputer.com/news/security/t-mobile-confirms-servers-were-hacked-investigates-data-breach/
- https://www.synology.com/zh-tw/company/news/article/BruteForce/%E7%BE%A4%E6%9A%89%E7%A7%91%E6%8A%80%20Synology%C2%AE%E9%97%9C%E5%BF%83%E6%82%A8%E7%9A%84%E8%B3%87%E6%96%99%E5%AE%89%E5%85%A8%EF%BC%8C%E5%BB%BA%E8%AD%B0%E6%89%80%E6%9C%89%E4%BD%BF%E7%94%A8%E8%80%85%E5%BC%B7%E5%8C%96%E5%B8%B3%E8%99%9F%E8%88%87%E5%AF%86%E7%A2%BC%E5%AE%89%E5%85%A8%E8%A8%AD%E5%AE%9A
- https://www.synology.com/zh-tw/dsm/solution/ransomware
- https://kb.synology.com/zh-tw/DSM/tutorial/How_to_add_extra_security_to_your_Synology_NAS
- https://kb.synology.com/zh-tw/DSM/tutorial/How_to_back_up_your_data_to_a_remote_Synology_NAS_or_file_server_with_Hyper_Backup
- https://kb.synology.com/zh-tw/DSM/tutorial/How_to_back_up_your_data_to_cloud_services_with_Hyper_Backup
- https://twitter.com/gentilkiwi/status/1416429860566847490
- https://www.bleepingcomputer.com/news/microsoft/remote-print-server-gives-anyone-windows-admin-privileges-on-a-pc/
- https://www.blackhat.com/us-21/briefings/schedule/index.html#proxylogon-is-just-the-tip-of-the-iceberg-a-new-attack-surface-on-microsoft-exchange-server-23442
- https://twitter.com/GossiTheDog/status/1422178411385065476
- https://twitter.com/GossiTheDog/status/1423997607211327491
- https://pagecrafter.com/fake-ddos-attack-email/
- https://twitter.com/mesa_matt/status/1430974685110587395
- https://www.bleepingcomputer.com/news/security/fake-dmca-complaints-ddos-threats-lead-to-bazaloader-malware/
- https://chaosdb.wiz.io/
- https://docs.microsoft.com/en-us/azure/cosmos-db/secure-access-to-data?tabs=using-primary-key#primary-keys
- https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-azure-customers-of-critical-cosmos-db-vulnerability/
- https://robertwillishacking.com/ford-breach-august-2021-disclosure/
- https://robertwillishacking.com/cve-2021-27653-march-2021/
- https://www.bleepingcomputer.com/news/security/ford-bug-exposed-customer-and-employee-records-from-internal-systems/
- https://twitter.com/j0nh4t/status/1429049506021138437
- https://www.bleepingcomputer.com/news/security/razer-bug-lets-you-become-a-windows-10-admin-by-plugging-in-a-mouse/
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36948
- https://www.securityweek.com/microsoft-patch-tuesday-windows-flaw-under-active-attack
- https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2021-patch-tuesday-fixes-3-zero-days-44-flaws/
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10231
- https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf
- https://securingsam.com/realtek-vulnerabilities-weaponized/
- https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/
- https://www.bleepingcomputer.com/news/security/botnet-targets-hundreds-of-thousands-of-devices-using-realtek-sdk/
- https://docs.google.com/forms/d/e/1FAIpQLSeI88ffRxt-Z7yiGWHH5hqkwomBhLwREH5zx6PZOm4hPlRDnQ/viewform
- https://docs.google.com/forms/d/e/1FAIpQLSdtxecPujfgQUn5CyvBXgNM1ZiBFM6byHDiyNrr-1jo_3GuvQ/viewform
- https://www.cisanet.org.tw/News/activity_more?id=MjY0OA==
- https://opm.twnic.tw/36th/index.html
- https://www.cisanet.org.tw/News/activity_more?id=MjY0NQ==
- https://www.cisanet.org.tw/News/activity_more?id=MjY0NA==
- https://hitcon.kktix.cc/events/hitcon-training-2021
- https://docs.google.com/forms/d/e/1FAIpQLSeI88ffRxt-Z7yiGWHH5hqkwomBhLwREH5zx6PZOm4hPlRDnQ/viewformen-US
- https://docs.google.com/forms/d/e/1FAIpQLSdtxecPujfgQUn5CyvBXgNM1ZiBFM6byHDiyNrr-1jo_3GuvQ/viewformen-US
- http://nkust.edu.tw
- https://www.cisanet.org.tw/News/activity_more?id=MjY0OA==en-US
- http://cisanet.org.tw
- https://opm.twnic.tw/36th/index.htmlen-US
- https://www.cisanet.org.tw/News/activity_more?id=MjY0NQ==en-US
- https://www.cisanet.org.tw/News/activity_more?id=MjY0NA==en-US
- https://hitcon.kktix.cc/events/hitcon-training-2021en-US
- http://cert.org.tw
- https://twcert.org.tw
- http://twcert.pixnet.net/blog
- https://www.facebook.com/twcertcc/
- https://www.instagram.com/twcertcc/
- Show all