Behavioral task: behavioral1
Sample: e2c6d3200999efb14af90cd100e58cb64e081095510fd13b738eceb8a80424cf.pdf
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: e2c6d3200999efb14af90cd100e58cb64e081095510fd13b738eceb8a80424cf.pdf
Resource: win10v2004-20240226-en
General
- Target: e2c6d3200999efb14af90cd100e58cb64e081095510fd13b738eceb8a80424cf
- Size: 3.5MB
- MD5: e53a21887aefcb6716cd58f0ef191aa0
- SHA1: 34efa31964c24520835da3621a95beca13a14cca
- SHA256: e2c6d3200999efb14af90cd100e58cb64e081095510fd13b738eceb8a80424cf
- SHA512: bb8a4cc005dd5b77fba0533904089385d07e1899c0aa68a6d1a0c4da1ebaa651642aa562413c663c882399a5a2e0161993ed83bba66ed0bfacf18c9d97a80283
- SSDEEP: 98304:dYgzDtJEb1/8oEkjAENPK2tFLDZah2uHDA8j4yd+MFLnXf:WKDnkXRvZmHDAdy0MFLnXf
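Added example, not part of the sandbox report: a small Python checker for a record like the one above, run before its indicators are pushed into a TI platform. It validates digest lengths and hex alphabet, confirms the target name is the SHA-256 (the sandbox names submissions that way), parses the ssdeep signature (block size must be 3 * 2^n; 98304 = 3 * 2^15), and recomputes the four digests for a file. The REPORT values are copied from the report; CONSTRUCTED_SAMPLE is a made-up stand-in because the real PDF is not on this page, and the function names are this example's own.

```python
"""Consistency checks for a sandbox sample record (added example, not part of the report).

The REPORT values are copied from the report above. compute_hashes() and
matches_report() are run on a constructed byte string here because the real
PDF is not on this page; point them at the actual file to verify it.
"""
import hashlib
import re

# Expected hex digest lengths for the algorithms the report prints.
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Values copied from the report above.
REPORT = {
    "target": "e2c6d3200999efb14af90cd100e58cb64e081095510fd13b738eceb8a80424cf",
    "md5": "e53a21887aefcb6716cd58f0ef191aa0",
    "sha1": "34efa31964c24520835da3621a95beca13a14cca",
    "sha256": "e2c6d3200999efb14af90cd100e58cb64e081095510fd13b738eceb8a80424cf",
    "sha512": "bb8a4cc005dd5b77fba0533904089385d07e1899c0aa68a6d1a0c4da1ebaa651"
              "642aa562413c663c882399a5a2e0161993ed83bba66ed0bfacf18c9d97a80283",
    "ssdeep": "98304:dYgzDtJEb1/8oEkjAENPK2tFLDZah2uHDA8j4yd+MFLnXf:WKDnkXRvZmHDAdy0MFLnXf",
}

# Constructed stand-in for the sample so the hashing path runs offline (not the real file).
CONSTRUCTED_SAMPLE = b"%PDF-1.7\n% constructed placeholder, not the real sample\n"


def parse_ssdeep(signature: str) -> tuple[int, str, str]:
    """Split 'blocksize:chunk1:chunk2' and check the parts look like ssdeep output.

    ssdeep block sizes are always 3 * 2**n (98304 = 3 * 2**15) and the two
    chunks are base64 characters; chunk2 is computed at twice the block size.
    """
    parts = signature.split(":")
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError("signature must be blocksize:chunk1:chunk2")
    blocksize = int(parts[0])
    q, r = divmod(blocksize, 3)
    if r or q == 0 or q & (q - 1):
        raise ValueError("blocksize must be 3 * 2^n")
    for chunk in parts[1:]:
        if not re.fullmatch(r"[A-Za-z0-9+/]+", chunk):
            raise ValueError("chunk is not base64 text")
    return blocksize, parts[1], parts[2]


def check_record(record: dict) -> list[str]:
    """Return the list of inconsistencies in a report record (empty means clean)."""
    problems = []
    for algo, length in HEX_LENGTHS.items():
        if not re.fullmatch(r"[0-9a-f]{%d}" % length, record.get(algo, "")):
            problems.append(f"{algo}: expected {length} lowercase hex chars")
    # The sandbox names the target after its SHA-256; a mismatch means a mixed-up record.
    if record.get("target") != record.get("sha256"):
        problems.append("target name does not match sha256")
    try:
        parse_ssdeep(record.get("ssdeep", ""))
    except ValueError as exc:
        problems.append(f"ssdeep: {exc}")
    return problems


def compute_hashes(data: bytes) -> dict:
    """Compute the same four digests the report prints, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HEX_LENGTHS}


def matches_report(data: bytes, record: dict) -> bool:
    """True only if every digest in the record matches the bytes provided."""
    actual = compute_hashes(data)
    return all(actual[algo] == record.get(algo) for algo in HEX_LENGTHS)


if __name__ == "__main__":
    print("record problems:", check_record(REPORT) or "none")
    print("ssdeep blocksize:", parse_ssdeep(REPORT["ssdeep"])[0])
    # False here: the placeholder bytes are not the sample.
    print("placeholder matches report:", matches_report(CONSTRUCTED_SAMPLE, REPORT))
```

To verify a downloaded copy of the sample, read the file's bytes and pass them to matches_report() with REPORT; any False should stop the ingest, since a single wrong digest usually means the wrong artefact was pulled.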
Malware Config
Signatures
Files
- e2c6d3200999efb14af90cd100e58cb64e081095510fd13b738eceb8a80424cf.pdf
- https://thedfirreport.com/2022/04/04/stolen-images-campaign-ends-in-conti-ransomware/
- https://malpedia.caad.fkie.fraunhofer.de/details/win.icedid
- https://thedfirreport.com/2021/10/18/icedid-to-xinglocker-ransomware-in-24-hours/
- https://thedfirreport.com/2021/05/12/conti-ransomware/
- https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
- https://twitter.com/infosecfu/status/1468955220059168785?s=20&t=_fCNcLM-nx1e8EHbyA6z3A
- https://www.microsoft.com/security/blog/2021/04/09/investigating-a-unique-form-of-email-delivery-for-icedid-malware/
- https://www.atera.com/remote-monitoring-and-management/
- https://www.splashtop.com/
- https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1
- https://github.com/darkoperator/Veil-PowerView/blob/master/PowerView/functions/Invoke-ShareFinder.ps1
- https://thedfirreport.com/2020/05/08/adfind-recon/
- https://techcommunity.microsoft.com/t5/security-compliance-and-identity/sam-name-impersonation/ba-p/3042699
- https://thedfirreport.com/services/
- https://www.patreon.com/thedfirreport
- https://twitter.com/0xtornado
- https://twitter.com/yatinwad
- https://twitter.com/MetallicHack
- https://twitter.com/_pete_0
- https://twitter.com/hashtag/ContactForms?src=hash&ref_src=twsrc%5Etfw
- https://t.co/uc4QkLQt4b
- https://twitter.com/hashtag/IcedID?src=hash&ref_src=twsrc%5Etfw
- https://t.co/1O3TYQYP1i
- https://twitter.com/abuse_ch?ref_src=twsrc%5Etfw
- https://t.co/ZNwTD5rH7U
- https://twitter.com/infosecfu/status/1468955220059168785?ref_src=twsrc%5Etfw
- https://tria.ge/211209-rt5zqscca5
- https://attack.mitre.org/techniques/T1219/
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-002.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-003.png
- https://www.atera.com/
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-004.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-005.png
- https://docs.microsoft.com/en-us/windows/win32/debug/system-error-codes--9000-11999-
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-006.png
- https://github.com/WazeHell/sam-the-admin/
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-007.png
- https://attack.mitre.org/techniques/T1562/001/
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-008.png
- https://attack.mitre.org/techniques/T1003/001/
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-009.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-010.png
- https://docs.microsoft.com/en-us/windows/win32/procthread/process-security-and-access-rights
- https://attack.mitre.org/techniques/T1518/001/
- https://attack.mitre.org/techniques/T1614/001/
- https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/chcp
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-011.png
- https://attack.mitre.org/techniques/T1018
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-012.png
- https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-013.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-014.png
- https://attack.mitre.org/techniques/T1049
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-015.png
- https://attack.mitre.org/techniques/T1083
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-016.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-017.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-018-2.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-019.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-020.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-021.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-022.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-023.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-024.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-025.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-026.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-027.png
- https://rules.emergingthreats.net/
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-028.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-029.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-030.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-031.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-032.png
- https://cybergeeks.tech/dissecting-the-last-version-of-conti-ransomware-using-a-step-by-step-approach/
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-033.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-034.png
- https://thedfirreport.com/wp-content/uploads/2022/04/9438-035.png
- https://github.com/SigmaHQ/sigma/blob/master/rules/windows/deprecated/sysmon_mimikatz_detection_lsass.yml
- https://github.com/SigmaHQ/sigma/blob/11b6b24660c045bb907ed43cfe007349764173bc/rules/windows/powershell/powershell_script/posh_ps_powerview_malicious_commandlets.yml
- https://github.com/SigmaHQ/sigma/blob/071bcc292362fd3754a2da00878bba4bae1a335f/rules/windows/process_creation/proc_creation_win_ad_find_discovery.yml
- https://github.com/SigmaHQ/sigma/blob/6b3fc11a48e8aa2773dfe266c3be11e4c4c973a5/rules/windows/process_creation/proc_creation_win_powershell_defender_disable_feature.yml
- https://github.com/SigmaHQ/sigma/blob/eb382c4a59b6d87e186ee269805fe2db2acf250e/rules/windows/builtin/security/win_admin_share_access.yml
- https://github.com/SigmaHQ/sigma/blob/04f72b9e78f196544f8f1331b4d9158df34d7ecf/rules/windows/builtin/application/win_software_atera_rmm_agent_install.yml
- https://github.com/SigmaHQ/sigma/blob/8bb3379b6807610d61d29db1d76f5af4840b8208/rules/windows/process_creation/proc_creation_win_trust_discovery.yml
- https://github.com/SigmaHQ/sigma/blob/becf3baeb4f6313bf267f7e8d6e9808fc0fc059c/rules/windows/process_creation/proc_creation_win_susp_recon_activity.yml
- https://github.com/SigmaHQ/sigma/blob/e049058d14dd9ec09771b38ed4d59e8b49ba1bad/rules/windows/builtin/security/win_security_cobaltstrike_service_installs.yml