xdecision_data[.]pdf

Sharing

Copy URL Twitter E-mail

General

Target

xdecision_data.pdf
Size

167KB
MD5

6587ccd132eb204c75bb6b65ef1cc0f7
SHA1

4fdbadabe336c45831a3363fc55249294ab66293
SHA256

103fe88940e18ab04f801ee298558c03150a0d00b8d7664e542853151388eb14
SHA512

06e8aecc8f74f9a4d37d75cac85c2156f41fc178743730cd22ea9f75b5f63400811e9164bbc8ca0126f83273ddf4d60b3600ab09cb8e87a4eb4cdc1114b2216e
SSDEEP

3072:Iv/yOUrmGaeBqdkGgiUS0emBu1wI2Em7zCQubG:IvlUrJvKgiLn72Em7zCQaG

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
sample	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Files

xdecision_data.pdf
.pdf
- https://192.168.196.155:444/analysis-reports?data=64db3cfbddfcaefbbbb8636awin7simulatefull_triage&state=not%20suspicious
- https://192.168.196.155:444/analysis-reports?data=64db3cfd8d804775af13964bwin7simulatefull_triage&state=not%20suspicious
- https://192.168.196.155:444/analysis-reports?data=64f03b8fbe5f274957bc3f30win10vpnhigh_evasion&state=malicious
- https://192.168.196.155:444/analysis-reports?data=64f03b9cbe5f274957bc3f7awin7simulatefull_triage&state=not%20suspicious
- https://192.168.196.155:444/analysis-reports?data=64f3459fa486bfac5bea29aewin7simulatefull_triage&state=malicious
- https://192.168.196.155:444/analysis-reports?data=64f3459fa486bfac5bea29aewin7vpnfull_triage&state=malicious
- https://192.168.196.155:444/analysis-reports?data=64f6d683eb149d16809521ccwin7simulatefull_triage&state=malicious
- https://192.168.196.155:444/analysis-reports?data=64f6df5d061f7c22d29730f5win7vpnfull_triage&state=not%20suspicious
- https://192.168.196.155:444/analysis-reports?data=64f84d2223cf91fcac5f5a35win7internetfull_triage&state=malicious
- https://192.168.196.155:444/analysis-reports?data=64f889f023cf91fcac5f5a47win7simulatefull_triage&state=malicious
- https://192.168.196.155:444/analysis-reports?data=650136314afa4d3e547ef1e0win7simulatefull_triage&state=malicious
- https://bazaar.abuse.ch/sample/1b9af587e3e810954c888fa0efa0efc5140e5369c8238a40d8e973a7e99dd30c/
- https://bazaar.abuse.ch/sample/1c86ea69172d009a3cdd1743213353ecfde93cbeeba216b81b2bfcf60934db41/
- https://bazaar.abuse.ch/sample/1c86ea69172d009a3cdd1743213353ecfde93cbeeba216b81b2bfcf60934db41/https://bazaar.abuse.ch/sample/1f80003416d85564aa437e72de131702a3a413b4d60611bf412f92ee9cf1f7ee/
- https://bazaar.abuse.ch/sample/1f80003416d85564aa437e72de131702a3a413b4d60611bf412f92ee9cf1f7ee/
- https://bazaar.abuse.ch/sample/284baaf86a8177172e090cdb2bb6f46c8b7c79b99781e798aa70eb3ed303c7b3/https://bazaar.abuse.ch/sample/88921dad96a51ff9f15a1d93b51910b2ac75589020fbb75956b6f090381d4d4f/https://bazaar.abuse.ch/sample/189ca1951e90f92454d9e6f451847f17d5d3e85639e474147d9d63ec529189df/https://bazaar.abuse.ch/sample/1b9af587e3e810954c888fa0efa0efc5140e5369c8238a40d8e973a7e99dd30c/https://bazaar.abuse.ch/sample/bef70f88a58b45ede2bcdd53b5f00445f4fa003862de40d6d6ab2a3e72241936/https://bazaar.abuse.ch/sample/865e1bbaec089713462d554d11ce2cb59be0219ea386721cf6ded5ac4d021e15/https://bazaar.abuse.ch/sample/bdaa2358b01ed8b195f03ab82bb52c2c32ad3bdf11caf665ee3956dcfc35faf8/https://bazaar.abuse.ch/sample/ca0bee4a47a24d23335eebc6cec62220d1ac2009443c455cd77d0ff0b9f8cbae/
- https://bazaar.abuse.ch/sample/88921dad96a51ff9f15a1d93b51910b2ac75589020fbb75956b6f090381d4d4f/
- Show all