Behavioral task: behavioral1
Sample: 680f67a8b8426388795eb0b43e2aadc479820274ddd933c2ce99e3d78400c4be.pdf
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 680f67a8b8426388795eb0b43e2aadc479820274ddd933c2ce99e3d78400c4be.pdf
Resource: win10v2004-20240226-en
General
Target: 680f67a8b8426388795eb0b43e2aadc479820274ddd933c2ce99e3d78400c4be
Size: 3.4MB
MD5: be95053e406dba36c40b1f053813733b
SHA1: 6edc44030dbc2e135e08cc8ca539596289ac1a68
SHA256: 680f67a8b8426388795eb0b43e2aadc479820274ddd933c2ce99e3d78400c4be
SHA512: 8bc37c981f37e462c57ecfbf2fc5ad1008e545166b0cbf23b6df52385c933292b6bc8486749f096f6aadac9e54b972fed74e9e9a0b488f7b75ccc6bb539a5d3b
SSDEEP: 49152:lZOvNmiNz86iawejloimcQTkB4ooN4lG4xZeByt5lmSPZKEw2qA81kc70Odd5Cma:lZ/idnxpQy4ooNDK9VO2181bva9E1adR
Malware Config
Signatures
Files
680f67a8b8426388795eb0b43e2aadc479820274ddd933c2ce99e3d78400c4be.pdf