Behavioral task: behavioral1
Sample: 4447c8ea6642b37538822292dc46192a7039dc54ab0d889172ab25dd15353f11.pdf
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 4447c8ea6642b37538822292dc46192a7039dc54ab0d889172ab25dd15353f11.pdf
Resource: win10v2004-20240226-en
General
- Target: 4447c8ea6642b37538822292dc46192a7039dc54ab0d889172ab25dd15353f11
- Size: 2.9MB
- MD5: d4f5b98d072f061e4ae41a8fb7c9bf6d
- SHA1: 4443abaf018dffb34746b649e3b289c97082e778
- SHA256: 4447c8ea6642b37538822292dc46192a7039dc54ab0d889172ab25dd15353f11
- SHA512: 05df53c39122be884130d725f1fee26fc54a5ad3c7b33026a93ff298148eb509460cca32776aa4704f8c8e970970e9f633077f2a3ee1c4c6918282c0aa9b91f1
- SSDEEP: 49152:I66fsKpKV8fJTaNeX+2faOrNETjuEH51dYEX+WYvdfzgb1gdu0fl5X/oMlf:IT8ifJTB+8rN4juEH51dvOWGt5du0fQI
Malware Config
Signatures
- Merlin family
- Merlin payload (1 IoC)
  Processes:
    resource | yara_rule
    sample   | family_merlin
- HTTP links in PDF interactive object (1 IoC)
  Detects HTTP links in interactive objects within PDF files.
  Processes:
    resource | yara_rule
    sample   | pdf_with_link_action
Files
- 4447c8ea6642b37538822292dc46192a7039dc54ab0d889172ab25dd15353f11.pdf