General

  • Target

    kql_cheat_sheet.pdf

  • Size

    335KB

  • MD5

    780630debc4d5df5bf62a7f00afef0f9

  • SHA1

    d4d7ddb0784104907d1b87d2c3d56fe0b7f8f9d8

  • SHA256

    8c7b54e3a88628584d279ec21bad1bda164ccf5d37b47747d25ff185147e7cdb

  • SHA512

    36e537f91a4ca14697a42bf017b449c383e39e3032e9c07e6aee6f0e1b4615ce13984de3a69b6a1ad517ed297e80b84af1b65861b275925001db29f92cbbbec4

  • SSDEEP

    6144:hD2iHDbP1PUg4F3p/00ae/60tcvV3cNtghtT4rpylC1ykAvrG+6Y0Kxw+gQd:hxHDbP1PUgHM/AvV3WwtPlCIxrG+69Qd

Score
4/10

Malware Config

Signatures

  • HTTP links in PDF interactive object (1 IoCs)

    Detects HTTP links in interactive objects within PDF files.

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

Files

  • kql_cheat_sheet.pdf
    .pdf

    Password: infected

    • https://github.com/marcusbakker/KQL/blob/master/kql_cheat_sheet.pdf

    • https://twitter.com/Bakk3rM

    • https://aka.ms/lademo

    • https://docs.microsoft.com/en-us/azure/kusto/query/

    • https://docs.microsoft.com/en-us/azure/kusto/query/scalar-data-types/string

    • https://docs.microsoft.com/en-us/azure/kusto/query/whereoperator

    • https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/has-operator

    • https://docs.microsoft.com/en-us/azure/kusto/query/countoperator

    • https://docs.microsoft.com/en-us/azure/kusto/query/agofunction
