Behavioral task: behavioral1
- Sample: 8eb1fffdbfcb419cf15e8883316b5b5099d98b914ce622978f718952e7062d2b.pdf
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 8eb1fffdbfcb419cf15e8883316b5b5099d98b914ce622978f718952e7062d2b.pdf
- Resource: win10v2004-20240226-en
General
- Target: 8eb1fffdbfcb419cf15e8883316b5b5099d98b914ce622978f718952e7062d2b
- Size: 1.7MB
- MD5: 62008e04d8934875df008757157a7ee7
- SHA1: 9346ca0df5ea98db16418152a4d5c1a514093b16
- SHA256: 8eb1fffdbfcb419cf15e8883316b5b5099d98b914ce622978f718952e7062d2b
- SHA512: a68bedfdf7a082d0e87f4d6ecf523654745b9f4b01a70c23a190683326d4634000086b1ece59b10029621cb61d3e1c6b8feaf218e118ee13056532e42d9d860a
- SSDEEP: 49152:iGXRrY89AjyzXTZEEvFeehbFTRgEbQ+AKUPtCs782YLvVMO:frJ9AGTm8FJRgEZB2CW8P7VMO
Malware Config
Signatures
Files
- 8eb1fffdbfcb419cf15e8883316b5b5099d98b914ce622978f718952e7062d2b.pdf
- https://github.com/AustralianCyberSecurityCentre/windows_event_logging
- https://www.ssi.gouv.fr/windows-restrictions-logicielles
- https://www.ssi.gouv.fr/guide/attaques-par-rancongiciels-tous-concernes-comment-les-anticiper-et-reagir-en-cas-dincident
- https://www.ssi.gouv.fr/guide/la-methode-ebios-risk-manager-le-guide
- https://www.ssi.gouv.fr/securisation-admin-si
- https://www.ssi.gouv.fr/journalisation
- https://www.ssi.gouv.fr/uploads/2014/12/pdis_referentiel_v2.0.pdf
- https://www.ssi.gouv.fr/uploads/2014/12/pris_referentiel_v2.0.pdf
- https://services.renater.fr/ntp/serveurs_francais
- https://www.etalab.gouv.fr/licence-ouverte-open-licence
- https://github.com/ANSSI-FR/guide-journalisation-microsoft/blob/main/Example_of_ManifestProvider.xml
- https://github.com/ANSSI-FR/guide-journalisation-microsoft/blob/main/Example_of_sysmon_deployment_script.ps1
- https://github.com/ANSSI-FR/guide-journalisation-microsoft/blob/main/Example_of_immediate_scheduled_task.xml
- https://github.com/ANSSI-FR/guide-journalisation-microsoft/blob/main/Standard_WEC_query.xml
- https://github.com/ANSSI-FR/guide-journalisation-microsoft/blob/main/Restrict_PowerShell_plugins_to_WEF_only.ps1
- https://github.com/ANSSI-FR/guide-journalisation-microsoft/blob/main/Change_SDDL_of_PowerShell_operational_log.ps1
- https://github.com/ANSSI-FR/guide-journalisation-microsoft/blob/main/Configure-Channel.ps1
- https://technet.microsoft.com/en-US/library/hh147307(v=ws.10).aspx
- https://docs.microsoft.com/en-us/windows/win32/secauthz/access-control-lists
- https://docs.microsoft.com/en-US/windows/security/threat-protection/auditing/advanced-security-auditing-faq
- https://support.microsoft.com/en-US/help/4494462/events-not-forwarded-if-the-collector-runs-windows-server
- https://support.microsoft.com/en-US/help/223346/fsmo-placement-and-optimization-on-active-directory-domain-controllers
- https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn581922(v=ws.11)
- https://docs.microsoft.com/en-us/windows/win32/wes/writing-an-instrumentation-manifest
- https://docs.microsoft.com/en-US/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos
- https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/kerberos-authentication-problems-if-user-belongs-to-groups
- https://docs.microsoft.com/en-US/archive/blogs/russellt/creating-custom-windows-event-forwarding-logs
- https://docs.microsoft.com/en-US/troubleshoot/windows-server/system-management-components/what-is-microsoft-management-console
- https://docs.microsoft.com/en-US/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level
- https://docs.microsoft.com/en-US/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers
- https://docs.microsoft.com/en-US/windows-server/networking/windows-time-service/how-the-windows-time-service-works
- https://docs.microsoft.com/en-US/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731191(v=ws.10)
- https://docs.microsoft.com/en-US/security/compass/privileged-access-access-model
- https://docs.microsoft.com/en-US/powershell/module/microsoft.powershell.core/about/about_signing?view=powershell-7.1
- https://docs.microsoft.com/en-US/troubleshoot/windows-server/windows-security/user-account-control-and-remote-restriction
- https://docs.microsoft.com/en-US/windows/security/threat-protection/auditing/event-4663
- https://docs.microsoft.com/en-us/windows/win32/secauthz/security-descriptor-definition-language-for-conditional-aces-
- https://docs.microsoft.com/en-us/windows-server/administration/software-inventory-logging/get-started-with-software-inventory-logging
- https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
- https://support.microsoft.com/en-us/topic/march-2016-anti-malware-platform-update-for-endpoint-protection-clients-d99f5dc9-b7a0-bdb2-5161-3efc43d889fa
- https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/service-accounts#virtual-accounts
- https://developer.microsoft.com/en-us/windows/downloads/sdk-archive/
- https://docs.microsoft.com/en-US/windows/win32/wec/setting-up-a-source-initiated-subscription
- https://docs.microsoft.com/en-US/windows-server/administration/windows-commands/wecutil
- https://docs.microsoft.com/en-US/windows-server/identity/ad-ds/plan/security-best-practices/monitoring-active-directory-for-signs-of-compromise
- https://docs.microsoft.com/en-US/windows-server/identity/ad-ds/plan/appendix-l--events-to-monitor
- https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection
- https://support.microsoft.com/en-us/help/4494356/best-practice-eventlog-forwarding-performance
- https://docs.microsoft.com/en-US/windows-server/administration/windows-commands/wevtutil
- https://docs.microsoft.com/en-US/windows/win32/winrm/proxy-servers-and-winrm
- https://github.com/palantir/windows-event-forwarding
- https://github.com/olafhartong/sysmon-modular
- https://github.com/SwiftOnSecurity/sysmon-config