b79c7584ef10ed44701192b35fa07407ca0db34b7fade46d8da0c30f68177cae

Sharing

Copy URL Twitter E-mail

General

Target

b79c7584ef10ed44701192b35fa07407ca0db34b7fade46d8da0c30f68177cae
Size

1.1MB
MD5

b7f92eeaf927cb46c8e739afa26848fb
SHA1

4fcfff48ce0f73d1b3f0486d26a6b26c7ba79737
SHA256

b79c7584ef10ed44701192b35fa07407ca0db34b7fade46d8da0c30f68177cae
SHA512

aad9e7c5ae70e153a83dc5552737a8043787172a184736183e71922f6f8d94a6dfccd8dfd9c35da51b719c8a6ad191e4dc3f8aac6b2e38ac23a5e2ec8d431a9b
SSDEEP

24576:R1tgrjeEVaaQtg06FTn9Cka/xnwBJWUzjRVuw05RR1XYPK/71306:R1tsSuaaQG08TUxgvwIPCJk6

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Files

b79c7584ef10ed44701192b35fa07407ca0db34b7fade46d8da0c30f68177cae
.pdf
- https://www.cyber.gov.au/about-us/about-acsc/contact-us
- https://www.jpcert.or.jp/english/pub/sr/20170612ac-ir_research_en.pdf
- https://www.first.org/resources/papers/conf2016/FIRST-2016-101.pdf
- https://www.sans.org/white-papers/34132/
- https://www.sans.org/white-papers/34262/
- https://support.microsoft.com/en-au/topic/microsoft-security-advisory-update-to-improve-windows-command-line-auditing-february-10-2015-570edc4b-8ee7-950d-4629-045e308743e4
- https://learn.microsoft.com/en-au/security-updates/SecurityAdvisories/2015/3004375
- https://www.mandiant.com/resources/blog/greater-visibility
- https://learn.microsoft.com/en-au/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff182311(v=ws.10)
- https://learn.microsoft.com/en-au/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd349798(v=ws.10)
- https://learn.microsoft.com/en-au/archive/blogs/jepayne/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem
- https://www.rsaconference.com/library/presentation/how-to-go-from-responding-to-hunting-with-sysinternals-sysmon
- https://learn.microsoft.com/en-au/sysinternals/downloads/sysmon
- https://learn.microsoft.com/en-au/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection
- https://learn.microsoft.com/en-au/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings
- https://github.com/nsacyber/Event-Forwarding-Guidance
- https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-hardening/hardening-microsoft-windows-10-version-21h1-workstations
- https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-administration/securing-powershell-enterprise
- https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-hardening/implementing-application-control
- https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight
- https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/strategies-mitigate-cyber-security-incidents
- https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism
- https://learn.microsoft.com/en-au/windows/whats-new/whats-new-windows-10-version-1507-and-1511#bkmk-lsass
- https://learn.microsoft.com/en-au/archive/blogs/askds/ntlm-blocking-and-you-application-analysis-and-auditing-methodologies-in-windows-7
- https://learn.microsoft.com/en-au/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide
- https://learn.microsoft.com/en-au/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows?view=o365-worldwide
- https://learn.microsoft.com/en-au/microsoft-365/security/defender-endpoint/exploit-protection?view=o365-worldwide
- https://learn.microsoft.com/en-au/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview
- https://github.com/AustralianCyberSecurityCentre/windows_event_logging
- http://wmi_auditing.ps
- http://add_subscriptions.ps
- http://set_subscriptions_source.ps
- Show all