3304bfed64519621cb1401f8a6d3ba6982ecb79ab8685ded5d790b412553f1a7

Sharing

Copy URL

Twitter E-mail

General

Target

3304bfed64519621cb1401f8a6d3ba6982ecb79ab8685ded5d790b412553f1a7
Size

678KB
MD5

8a362587182b45030407a61d5fd07ee8
SHA1

668568ba2b0d9264a64758ccaea3f4fc890c3b95
SHA256

3304bfed64519621cb1401f8a6d3ba6982ecb79ab8685ded5d790b412553f1a7
SHA512

09d0160aefd224da8cfb17b7f9bc4c8e96036303417a3d3854e19b129d3065107bb01d7d3ab5e19453027ce0ea5cda850c6c75d3bc206dd2a4ff934fdc0275b2
SSDEEP

12288:wApiKmm71sIdKVMEiTFhg48rgV22h8krffffffff/OClzO9jmLpIrVoI+IrLgIje:wA0KAVMnFCMh8B469Km6YDuaDe5

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Files

3304bfed64519621cb1401f8a6d3ba6982ecb79ab8685ded5d790b412553f1a7
.pdf
- https://pages.nist.gov/800-63-3/
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#SystemBackups2R
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#SeparatingUserandPrivilegedAccounts2E
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#ChangingDefaultPasswords2A
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#DeploySecurityTXTFiles4C
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#DisableMacrosbyDefault2N
- https://www.cisa.gov/sites/default/files/publications/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#NoExploitableServicesontheInternet2W
- https://www.cisecurity.org/insights/spotlight/edr-spotlight-module
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#LogCollection2T
- https://www.cisa.gov/resources-tools/resources/guide-securing-remote-access-software
- https://www.cisa.gov/resources-tools/resources/secure-by-design
- https://www.cisa.gov/securebydesign
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals
- https://attack.mitre.org/versions/v14/techniques/T1657/
- https://attack.mitre.org/versions/v14/techniques/T1490/
- https://attack.mitre.org/versions/v14/techniques/T1486/
- https://attack.mitre.org/versions/v14/techniques/T1567/002/
- https://attack.mitre.org/versions/v14/techniques/T1048/
- https://attack.mitre.org/versions/v14/tactics/TA0010/
- https://attack.mitre.org/versions/v14/techniques/T1219/
- https://attack.mitre.org/versions/v14/techniques/T1105/
- https://attack.mitre.org/versions/v14/techniques/T1071/002/
- https://attack.mitre.org/versions/v14/techniques/T1001/003/
- https://attack.mitre.org/versions/v14/techniques/T1560/
- https://attack.mitre.org/versions/v14/techniques/T1087/002/
- https://attack.mitre.org/versions/v14/techniques/T1083/
- http://attack.mitre.org/versions/v14/techniques/T1082/
- https://attack.mitre.org/versions/v14/techniques/T1057/
- https://attack.mitre.org/versions/v14/techniques/T1555/005/
- https://attack.mitre.org/versions/v14/techniques/T1555/003/
- https://attack.mitre.org/versions/v14/techniques/T1555/
- https://attack.mitre.org/versions/v14/techniques/T1110/
- https://attack.mitre.org/versions/v14/techniques/T1003/005/
- https://attack.mitre.org/versions/v14/techniques/T1003/001/
- https://attack.mitre.org/versions/v14/techniques/T1562/004/
- https://attack.mitre.org/versions/v14/techniques/T1562/
- https://attack.mitre.org/versions/v14/techniques/T1218/005/
- https://attack.mitre.org/versions/v14/techniques/T1140/
- https://attack.mitre.org/versions/v14/techniques/T1027/009/
- https://attack.mitre.org/versions/v14/techniques/T1027/002/
- https://attack.mitre.org/versions/v14/techniques/T1134/002/
- https://attack.mitre.org/versions/v14/techniques/T1134/001/
- https://attack.mitre.org/versions/v14/techniques/T1055/004/
- https://attack.mitre.org/versions/v14/techniques/T1055/002/
- https://attack.mitre.org/versions/v14/tactics/TA0004/
- https://attack.mitre.org/versions/v14/techniques/T1547/001/
- https://attack.mitre.org/versions/v14/techniques/T1204/002/
- https://attack.mitre.org/versions/v14/techniques/T1106/
- https://attack.mitre.org/versions/v14/techniques/T1059/003/
- http://attack.mitre.org/versions/v14/techniques/T1047/
- https://attack.mitre.org/versions/v14/techniques/T1566/001/
- https://attack.mitre.org/versions/v14/techniques/T1133/
- https://attack.mitre.org/versions/v14/techniques/T1078/
- https://attack.mitre.org/versions/v14/techniques/T1588/002/
- https://attack.mitre.org/versions/v14/techniques/T1585/
- https://attack.mitre.org/versions/v14/techniques/T1598/
- https://attack.mitre.org/versions/v14/techniques/T1595/001/
- https://attack.mitre.org/versions/v14/techniques/T1593/
- https://github.com/Cisco-Talos/IOCs/blob/main/2023/11/deep-dive-into-phobos-ransomware.txt
- https://www.virustotal.com/gui/file/f1425cff3d28afe5245459afa6d7985081bc6a62f86dce64c63daeb2136d7d2c
- https://www.virustotal.com/gui/ip-address/185.202.0.111/relations%20Win32.exe%20file%20cobaltstrike_shellcode.exe%20last%20scanned%20September%202023
- https://www.virustotal.com/gui/file/7451be9b65b956ee667081e1141531514b1ec348e7081b5a9cd1308a98eec8f0
- https://www.virustotal.com/gui/file/0000599cbc6e5b0633c5a6261c79e4d3d81005c77845c6b0679d854884a8e02f
- https://www.virustotal.com/gui/domain/demstat577d.xyz
- https://blog.talosintelligence.com/understanding-the-phobos-affiliate-structure/
- https://attack.mitre.org/versions/v14/techniques/T1047/
- https://www.truesec.com/hub/blog/a-case-of-the-faust-ransomware
- https://attack.mitre.org/versions/v14/techniques/T1082/
- https://attack.mitre.org/versions/v14/software/S0002/
- https://attack.mitre.org/versions/v14/software/S0521/
- https://www.comparitech.com/net-admin/phobos-ransomware/
- https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/
- https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader
- https://any.run/malware-trends/smoke
- https://www.malwarebytes.com/blog/news/2019/07/a-deep-dive-into-phobos-ransomware
- https://therecord.media/romanian-hospitals-offline-after-ransomware-attack
- https://www.infosecurity-magazine.com/news/phobos-ransomware-new-faust-variant/
- https://github.com/cisagov/Decider/
- https://www.cisa.gov/news-events/news/best-practices-mitre-attckr-mapping
- https://attack.mitre.org/versions/v14/matrices/enterprise/
- https://www.cisa.gov/sites/default/files/2024-02/AA24-060A-StopRansomware-Phobos-Ransomware.stix_.json
- https://www.cisa.gov/sites/default/files/2024-02/AA24-060A.stix_.xml
- https://blogs.vmware.com/security/2023/06/8base-ransomware-a-heavy-hitting-player.html
- https://www.privacyaffairs.com/moral-8-base-ransomware-targets-2-new-victims/
- https://www.cisa.gov/stopransomware
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- https://www.fbi.gov/contact-us/field-offices/
- https://www.ic3.gov/
- https://usdhs.sharepoint.com/teams/JCDC-ProductionOffice/Shared%20Documents/Publications/Finals%20from%20PD%20for%20Staging,%20Posting,%20Archives/CY24/AA24-060A%20phobos%20ransomware/f1425cff3d28afe5245459afa6d7985081bc6a62f86dce64c63daeb2136d7d2c
- https://usdhs.sharepoint.com/teams/JCDC-ProductionOffice/Shared%20Documents/Publications/Finals%20from%20PD%20for%20Staging,%20Posting,%20Archives/CY24/AA24-060A%20phobos%20ransomware/7451be9b65b956ee667081e1141531514b1ec348e7081b5a9cd1308a98eec8f0
- https://www.cisa.gov/sites/default/files/2023-06/Guide%20to%20Securing%20Remote%20Access%20Software_clean%20Final_508c.pdf
- https://github.com/cisagov/cset/releases/tag/v10.3.0.0
- https://www.cisa.gov/cyber-hygiene-services
- https://www.cisecurity.org/insights/white-papers/ransomware-defense-in-depth
- https://www.cisa.gov/resources-tools/resources/stopransomware-guide
- https://www.stopransomware.gov/
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#SecureSensitiveData2L
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#StrongandAgileEncryption2K
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#EmailSecurity2M
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#ProhibitConnectionofUnauthorizedDevices2V
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#DetectingRelevantThreatsandTTPs3A
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#NetworkSegmentation2F
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#PhishingResistantMultifactorAuthenticationMFA2H
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#DetectionofUnsuccessfulAutomatedLoginAttempts2G
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#UniqueCredentials2C
- https://www.cisa.gov/cross-sector-cybersecurity-performance-goals#MinimumPasswordStrength2B
- https://www.fbi.gov/contact-us/field-offices
- https://www.cisa.gov/tlp
- http://Mega.io
- http://Luiza.li
- http://Stopransomware.gov
- http://cisa.gov
- Show all