General
-
Target
45a859a41bf60215a6223dfcd33140f474e1ec76cb93ef9fdeb3580fc2920b46
-
Size
5.4MB
-
MD5
8f838cb3c135a75238a70609e6079ad6
-
SHA1
55a7f17e6e8c9dfbf7c048dbc22313db733d8b14
-
SHA256
45a859a41bf60215a6223dfcd33140f474e1ec76cb93ef9fdeb3580fc2920b46
-
SHA512
616b1fd480b52250d17db6d4d64479c707a14f2832b32505b7d0a9ca66c7783a3fb6d9e8090822b8ebd9be2c0f45b5d94f2c924026d7924c9d2e95447043c6eb
-
SSDEEP
98304:YWFAKE5iMasjygI3GfK1Ac4E6T/VOZ8EZOqf9/SWEFYBMMcRZBRk3id:XApiMzjyzz4JVMZeWEFYBDclCid
Malware Config
Signatures
-
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
-
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
Files
-
45a859a41bf60215a6223dfcd33140f474e1ec76cb93ef9fdeb3580fc2920b46
-
https://mog4040.service-now.com/nav_to.do?uri=%2Fincident.do%3Fsys_id%3D67d1d550db7abf80dfa59644db9619c9%26sysparm_record_list%3Dactive%3Dtrue%5Eassigned_to%3Djavascript:getMyAssignments()%5EstateNOT%20IN6,7,13%5EORDERBYnumber%26sysparm_record_target%3Dincident%26sysparm_record_row%3D1%26sysparm_record_rows%3D5
-
https://docs.microsoft.com/en-us/PowerShell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-6
-
http://KZAKT-SRVINF001.ldc.dunga.kz:8530
-