China-Linked Cyber Actors Hide in Router Firmware[.]pdf

Sharing

Copy URL

Twitter E-mail

General

Target

China-Linked Cyber Actors Hide in Router Firmware.pdf
Size

651KB
MD5

25a175cc62c22b8246f2c7f7f2230757
SHA1

e2c8bde5a7ba2ea24174ff309e0647525bea1605
SHA256

c98a3d79bda15c171adfc6d364937f9d64bde017df5282e7f99bc56ba93fcbfe
SHA512

a31aa76d35af21d3429bd3042037fdc7991568ce887e133f66397ee949a5fabfa426e4192a74b4b2fceafc5c55a220b642d05a059217860b8a76cdfdc1a96824
SSDEEP

12288:HOvoQ/p22rj2Oh6z+U6Rlr9pr45X7COVjNI8Ld05y0NuIMiRoqmZW3dw/wn+5VOZ:HOvJBF2OEyDjydtdq2qmENl+nOojCBfJ

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Files

China-Linked Cyber Actors Hide in Router Firmware.pdf
.pdf
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-158a
- https://attack.mitre.org/versions/v13/matrices/enterprise
- https://attack.mitre.org/versions/v13/techniques/T1562/
- https://attack.mitre.org/versions/v13/techniques/T1199/
- https://attack.mitre.org/versions/v13/software/S0574/
- https://attack.mitre.org/versions/v13/software/S0436/
- https://attack.mitre.org/versions/v13/software/S0696/
- https://attack.mitre.org/versions/v13/software/S0435/
- https://attack.mitre.org/versions/v13/software/S0579/
- https://attack.mitre.org/versions/v13/tactics/TA0005/
- https://attack.mitre.org/versions/v13/techniques/T1588/003/
- https://attack.mitre.org/versions/v13/techniques/T1553/002/
- https://attack.mitre.org/versions/v13/techniques/T1112/
- https://attack.mitre.org/versions/v13/techniques/T1021/001/
- https://attack.mitre.org/versions/v13/techniques/T1021/004/
- https://attack.mitre.org/versions/v13/tactics/TA0007/
- https://attack.mitre.org/versions/v13/techniques/T1071/002/
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a
- https://attack.mitre.org/versions/v13/tactics/TA0001/
- https://attack.mitre.org/versions/v13/tactics/TA0011/
- https://attack.mitre.org/versions/v13/techniques/T1090/002/
- https://attack.mitre.org/versions/v13/techniques/T1542/004/
- https://attack.mitre.org/versions/v13/techniques/T1205/
- https://attack.mitre.org/versions/v13/tactics/TA0004/
- https://attack.mitre.org/versions/v13/tactics/TA0003/
- https://attack.mitre.org/versions/v13/techniques/T1556/004/
- https://attack.mitre.org/versions/v13/techniques/T1562/003/
- https://attack.mitre.org/versions/v13/techniques/T1601/002/
- https://attack.mitre.org/versions/v13/techniques/T1601/001/
- https://attack.mitre.org/versions/v13/techniques/T1553/006/
- https://attack.mitre.org/versions/v13/techniques/T1562/006/
- https://attack.mitre.org/versions/v13/techniques/T1562/001/
- https://media.defense.gov/2022/Jun/07/2003013376/-1/-1/0/CSA_PRC_SPONSORED_CYBER_ACTORS_EXPLOIT_NETWORK_PROVIDERS_DEVICES_TLPWHITE.PDF
- https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_PRC_State_Sponsored_Cyber_Living_off_the_Land_v1.1.PDF
- https://media.defense.gov/2022/Jun/15/2003018261/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20220615.PDF
- https://media.defense.gov/2020/Sep/17/2002499616/-1/-1/0/PERFORMING_OUT_OF_BAND_NETWORK_MANAGEMENT20200911.PDF
- https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954
- https://www.cisa.gov/report
- https://attack.mitre.org/versions/v13/techniques/T1090/
- http://cisa.gov/tlp/.
- http://nsa.gov
- http://cyber.nsa.gov
- http://cisa.dhs.gov
- http://cisa.gov/report,
- Show all