General
-
Target
a48e966cd95cb95d08c03c931598709bb3633c7886ff45af3034112f575ec1a8
-
Size
4.7MB
-
MD5
5e1ebde8a94ec4b732befc8153844292
-
SHA1
31451025a8ec8936b1ff1c97102b32b3f06a7443
-
SHA256
a48e966cd95cb95d08c03c931598709bb3633c7886ff45af3034112f575ec1a8
-
SHA512
8c840f89bd3904de572b3488d333927d9d622ace8f0dec875bcab912ab0cc2b9a9b233951f534743358d9cd12adf52bffd0728b5dd8ef52ac07f743467400c9d
-
SSDEEP
98304:QL0MOg7HU6lvDCQK4exe1E9QFFFUFPFFFFFhzaXau+qR1QTQrGnBITAcK:QL0MOg7HU6lvDCoexyFFFUFPFFFFFhzh
Malware Config
Signatures
-
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
-
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
Files
-
a48e966cd95cb95d08c03c931598709bb3633c7886ff45af3034112f575ec1a8
-
http://192.168.0.134:6588/
-
http://192.168.0.134:999/
-
http://new.cc123.com/member/
-
http://new.cc123.com/dede/
-
http://new.cc123.com/a/ASPXSpy2014.aspx
-
http://ww2.cc123.com/admin
-
http://ww2.cc123.com/editor
-
http://ww2.cc123.com/mystat.aspx?style=%3C/script%3E%3Cscript%3Ealert(/xss/)%3C/script%3E%3Cscript%3E
-