Overview

overview

4

Static

static

4

1503-explo...SS.pdf

windows7-x64

1

1503-explo...SS.pdf

windows10-2004-x64

1

1503-explo...oc.txt

ubuntu-18.04-amd64

3

1503-explo...oc.txt

debian-9-armhf

1

1503-explo...oc.txt

debian-9-mips

1503-explo...oc.txt

debian-9-mipsel

1503-explo...15.pdf

windows7-x64

1

1503-explo...15.pdf

windows10-2004-x64

1

1503-explo...ec.txt

ubuntu-18.04-amd64

1503-explo...ec.txt

debian-9-armhf

1503-explo...ec.txt

debian-9-mips

1503-explo...ec.txt

debian-9-mipsel

1503-explo...id.pdf

windows7-x64

1

1503-explo...id.pdf

windows10-2004-x64

1

1503-explo....rb.js

windows7-x64

3

1503-explo....rb.js

windows10-2004-x64

3

1503-explo...ow.txt

ubuntu-18.04-amd64

3

1503-explo...ow.txt

debian-9-armhf

1

1503-explo...ow.txt

debian-9-mips

1503-explo...ow.txt

debian-9-mipsel

1503-explo...ow.txt

ubuntu-18.04-amd64

3

1503-explo...ow.txt

debian-9-armhf

1

1503-explo...ow.txt

debian-9-mips

1503-explo...ow.txt

debian-9-mipsel

1503-explo...xec.js

windows7-x64

3

1503-explo...xec.js

windows10-2004-x64

3

1503-explo...ow.txt

ubuntu-18.04-amd64

3

1503-explo...ow.txt

debian-9-armhf

1

1503-explo...ow.txt

debian-9-mips

1503-explo...ow.txt

debian-9-mipsel

1503-explo...ow.txt

ubuntu-18.04-amd64

3

1503-explo...ow.txt

debian-9-armhf

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    4e7b9eb1c34e67825729e2b496930a00_JaffaCakes118

  • Size

    5.9MB

  • MD5

    4e7b9eb1c34e67825729e2b496930a00

  • SHA1

    759d101d573d02e24de61884eed643e2c55b3d8f

  • SHA256

    ff2d4f6a5e0d36e7a400694be6896782332b861bb542ff96067e295fc65f2246

  • SHA512

    a7560ee609b5018ded15fb70e10b46209c9bf9b62fa35bb24c5338daf791630c4813fe750b53a52a7852eb4ad15ef72511fa880434af02fb52199675b2e4bced

  • SSDEEP

    98304:hhlQ1bTwgcqbOBzuHjPRgd+zUIrV/QKivhTMNzb6bhxpbf/R9lKPzrFroik87rRX:hDQhwgcxBSRgMzUIpGJTO/6Dl/PGPFrv

Score
4/10
pdflink

Malware Config

Signatures

  • HTTP links in PDF interactive object 3 IoCs

    Detects HTTP links in interactive objects within PDF files.

    pdflink
  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

    pdflink

Files

  • 4e7b9eb1c34e67825729e2b496930a00_JaffaCakes118
    .gz
  • sample
    .tar
  • 1503-exploits/3dcart-xss.txt
  • 1503-exploits/724cms-leak.txt
  • 1503-exploits/724cms-traversal.txt
  • 1503-exploits/724cms501-sql.txt
  • 1503-exploits/724cms501-xss.txt
  • 1503-exploits/CORE-2015-0005.txt
  • 1503-exploits/CORE-2015-0006.txt
  • 1503-exploits/DotDefender-XSS.pdf
    .pdf

    • http://localhost/DotDefender/

    • http://saytim.remote/index.php

    • http://www.applicure.com/download-latest

  • 1503-exploits/MSA-2015-03.txt
  • 1503-exploits/NSOADV-2015-001.txt
  • 1503-exploits/SGMA15-001.txt
  • 1503-exploits/SROEADV-2015-08.txt
  • 1503-exploits/VL-1441.txt
  • 1503-exploits/ZSL-2015-5232.txt
  • 1503-exploits/ZSL-2015-5233.txt
  • 1503-exploits/ZSL-2015-5234.txt
  • 1503-exploits/ZSL-2015-5235.txt
  • 1503-exploits/ZSL-2015-5236.txt
  • 1503-exploits/ZSL-2015-5237.txt
  • 1503-exploits/acunetixole-exec.txt
    .sh .vbs linux polyglot
  • 1503-exploits/adobe_flash_pcre.rb.txt
  • 1503-exploits/adobe_flash_uncompress_zlib_uaf.rb.txt
  • 1503-exploits/adobe_flash_worker_byte_array_uaf.rb.txt
  • 1503-exploits/adventjmx-bypass.txt
  • 1503-exploits/afterlogic-bypass.txt
  • 1503-exploits/airties-xss.txt
  • 1503-exploits/anchorcms092-xss.txt
  • 1503-exploits/androidmedia-overflow.txt
  • 1503-exploits/androidunflatten-overflow.txt
  • 1503-exploits/appweb-dos.txt
  • 1503-exploits/asusrtg32-xssxsrf.txt
  • 1503-exploits/atutorlcms-xsrf.txt
  • 1503-exploits/beditacms-xss.txt
  • 1503-exploits/beditacms-xssxsrf.txt
  • 1503-exploits/belkin_login_bof.rb.txt
  • 1503-exploits/bertacms-upload.txt
  • 1503-exploits/betster-sqlbypass.txt
  • 1503-exploits/brasero-poc.txt
    .sh linux
  • 1503-exploits/bzrplayer103-dllhijack.txt
  • 1503-exploits/chamilolms1910-xssxsrf.txt
  • 1503-exploits/ciscona-xss.txt
  • 1503-exploits/ciscoucsm-disclose.txt
  • 1503-exploits/citrixcc-download.txt
  • 1503-exploits/citrixnitro-exec.txt
  • 1503-exploits/citrixnitro-xss.txt
  • 1503-exploits/citrixns-xss.txt
  • 1503-exploits/ckeditor447-shellxss.txt
  • 1503-exploits/cmsbuilder207-sql.txt
  • 1503-exploits/cnns10-bypass.txt
  • 1503-exploits/codiad-lfi.txt
  • 1503-exploits/codoforum-disclose.txt
  • 1503-exploits/communitygallery-xss.txt
  • 1503-exploits/comsenzsupesite-sql.txt
  • 1503-exploits/comsenzsupesitecms-exec.txt
  • 1503-exploits/comsenzsupesitecms-xss.txt
  • 1503-exploits/cve-2014-3631_poc.c
  • 1503-exploits/cve-2014-4943_poc.c
  • 1503-exploits/cve-2014-9322_poc.c
  • 1503-exploits/eBay030315.pdf
    .pdf

    • http://Half.com

    • http://eBay.com

    • http://en.wikipedia.org/wiki/eBay

    • http://www.ebay.co.jp

    • http://www.ebay.co.jp/

    • http://www.ebay.co.jp/?order=%26%2339%3b%2calert

    • http://www.ebay.co.jp/?order=%26%2339%3b%2cdocument.write

    • http://www.ebay.co.jp/?order=%26%2339%3b%2cwindow.location.href=String.fromCharCode%28104,116,116,112,58,47,47,119,119,119,46,105,98,109,46,99,111,109%29%2c%26%2339%3b&post_parent=296&s=0X31337

    • http://www.ebayinc.com/who_we_are/one_company

    • Show all
  • 1503-exploits/eccms-sqlxss.txt
  • 1503-exploits/elastic250-sql.txt
  • 1503-exploits/elasticshell-exec.txt
    .sh linux
  • 1503-exploits/emcmr-credential.txt
  • 1503-exploits/emcmralerting-xss.txt
  • 1503-exploits/emcmrcmc-xss.txt
  • 1503-exploits/emcmrdd-traversal.txt
  • 1503-exploits/emcmrmib-traversal.txt
  • 1503-exploits/emcmrportal-xss.txt
  • 1503-exploits/emcsrs-exec.txt
  • 1503-exploits/emcsrs-sql.txt
  • 1503-exploits/etchat-xss.txt
  • 1503-exploits/exim_gethostbyname_bof.rb.txt
  • 1503-exploits/exploiting-dropboxsdk-android.pdf
    .pdf

    • http://AndroidAuthSession.is

    • http://RESTUtility.build

    • http://com.dropbox.client2.android

    • http://developer.android.com/reference/android/app/Activity.html

    • http://il.ibm.com

    • http://sonCreatemethodwillcheckifitislinkedviaAndroidAuthSession.is

    • http://sonResumemethodiscalledinasuccessivemanner.ItwillagaincallAndroidAuth-Session.is

    • http://www.appbrain.com/stats/libraries/details/dropbox_api/dropbox-api

    • http://www.appbrain.com/stats/libraries/details/dropbox_api/dropbox-api.2TakeshiTerada.AttackingAndroidbrowsersviaintentschemeURLs.2014.http://www.mbsd.jp/Whitepaper/IntentScheme.pdf.3RoeeHay&DavidKaplan.Remoteexploitationofthecordovaframework.2014.http://www.slideshare.net/ibmsecurity/remote-exploitation-of-the-cordova-framework.4Android.Activity.http://developer.android.com/reference/android/app/Activity.html.5Trustwave.2014businesspasswordanalysis,2014.https://gsr.trustwave.com/topics/business-password-analysis/2014-business-password-analysis/.8

    • Show all
  • 1503-exploits/fedora21-localroot.txt
  • 1503-exploits/firefox_proxy_prototype.rb.txt
    .js
  • 1503-exploits/fiyocms-sqlxssbypass.txt
  • 1503-exploits/fortimail-xss.txt
  • 1503-exploits/foxitdsb.tgz
    .gz
  • foxitdsb.tgz
    .tar
  • foxitdsb/PRL-2015-02.gif
    .gif
  • foxitdsb/foxitdsb.txt
  • 1503-exploits/foxitlzw.tgz
    .gz
  • foxitlzw.tgz
    .tar
  • foxitlzw/PRL-2015-01.gif
    .gif
  • foxitlzw/foxitlzw-corrupt.txt
  • 1503-exploits/freemp3cd-overflow.txt
    .sh linux
  • 1503-exploits/generic_http_dll_injection.rb.txt
  • 1503-exploits/generic_smb_dll_injection.rb.txt
  • 1503-exploits/goahead341-overflowtraversal.txt
  • 1503-exploits/googleanalyticsyoast-xss.txt
  • 1503-exploits/hostingtakip-xss.txt
  • 1503-exploits/hp_dataprotector_cmd_exec.rb.txt
  • 1503-exploits/httrackwebsitecopier-dllhijack.txt
  • 1503-exploits/idm620-overflow.txt
    .sh linux
  • 1503-exploits/innovationwebpac-redirect.txt
  • 1503-exploits/instant20-sql.txt
  • 1503-exploits/intelnadd-handling.txt
  • 1503-exploits/ipass_launch_app.rb.txt
  • 1503-exploits/ipass_pipe_exec.rb.txt
  • 1503-exploits/jbossjmx-exec.txt
    .js
  • 1503-exploits/joomlacfm-sql.txt
  • 1503-exploits/joomlaecommercewd-sql.txt
  • 1503-exploits/joomlagallerywd-sql.txt
  • 1503-exploits/joomlarac-sql.txt
  • 1503-exploits/joomlaspiderfaq-sql.txt
  • 1503-exploits/joomlasrac-sql.txt
  • 1503-exploits/kguard-disclose.txt
  • 1503-exploits/kunstmaancms-redirect.txt
  • 1503-exploits/lcmsconnect41-clickjack.txt
  • 1503-exploits/lcmsconnect41-xsrf.txt
  • 1503-exploits/lcmsconnect41-xss.txt
  • 1503-exploits/mac-overflows.tgz
    .gz
  • 1503-exploits/mambo465-xsrfsql.txt
  • 1503-exploits/manageengineadamp-xss.txt
  • 1503-exploits/medc-escalate.txt
  • 1503-exploits/mede-xsrf.txt
  • 1503-exploits/mede-xss.txt
  • 1503-exploits/mede-xssxsrf.txt
  • 1503-exploits/mencm-xsrf.txt
  • 1503-exploits/metasploit-xsrf.txt
  • 1503-exploits/mikrotik-xsrf.txt
  • 1503-exploits/ministreamripper277100-overflow.txt
    .sh linux
  • 1503-exploits/ministreamrmmp3273700-overflow.txt
    .sh linux
  • 1503-exploits/mobilis3g-xss.txt
  • 1503-exploits/mswintext.tgz
    .gz
  • 1503-exploits/nacl-escape.tgz
    .gz
  • 1503-exploits/netcatcms-crlf.txt
  • 1503-exploits/netcatcms-disclose.txt
  • 1503-exploits/netcatcms-openredirect.txt
  • 1503-exploits/netcatcms-rfi.txt
  • 1503-exploits/netcatcms-xss.txt
  • 1503-exploits/netcatcms55-xss.txt
  • 1503-exploits/nvidia_mental_ray.rb.txt
  • 1503-exploits/ocportal9016-xss.txt
  • 1503-exploits/opencms951-xss.txt
  • 1503-exploits/openkm6-xss.txt
  • 1503-exploits/pats-xss.txt
  • 1503-exploits/pfsense22-xssxsrf.txt
  • 1503-exploits/phpmoadmin-exec.txt
  • 1503-exploits/phpmoadmin_exec.rb.txt
    .js
  • 1503-exploits/powershell_remoting.rb.txt
    .ps1
  • 1503-exploits/projectpier088sp2-xss.txt
  • 1503-exploits/projectsend-sql.txt
  • 1503-exploits/publishit_pui.rb.txt
  • 1503-exploits/qnapws-exec.rb.txt
    .vbs
  • 1503-exploits/question2answer-xss.txt
  • 1503-exploits/raritanpoweriq-staticsecret.txt
  • 1503-exploits/realmswiki-xsrf.txt
  • 1503-exploits/rowhammer.tgz
    .gz
  • 1503-exploits/run_as.rb.txt
  • 1503-exploits/se-2014-02-full.tgz
    .gz
  • 1503-exploits/seagate_nas_php_exec_noauth.rb.txt
  • 1503-exploits/seagatenas-exec.txt
    .sh linux
  • 1503-exploits/search_groovy_script.rb.txt
  • 1503-exploits/serendipitycms2-xss.txt
  • 1503-exploits/soapobject-useafterfree.txt
  • 1503-exploits/solarwindsorion-sql.txt
  • 1503-exploits/subrion330-xsrf.txt
  • 1503-exploits/superwebmailer-xss.txt
  • 1503-exploits/swisscomdlink-exec.txt
  • 1503-exploits/symantec_web_gateway_restore.rb.txt
  • 1503-exploits/twiki_debug_plugins.rb.txt
  • 1503-exploits/ulicms-xsrf.txt
  • 1503-exploits/ultraiso-dllhijack.txt
  • 1503-exploits/unasjeecms-xsrf.txt
  • 1503-exploits/untanglengfw-xssexec.txt
    .js
  • 1503-exploits/upb227-xss.txt
  • 1503-exploits/uploadify31-xss.txt
    .js
  • 1503-exploits/upstart-escalate.txt
  • 1503-exploits/varnishcache-overflow.txt
  • 1503-exploits/vastalitechphpvid-sql.txt
  • 1503-exploits/vastalitechphpvid-xss.txt
  • 1503-exploits/vbulletin4-inject.txt
  • 1503-exploits/webdepocms-sql.txt
  • 1503-exploits/webgatecontrolcenter-overflow.txt
    .html .js polyglot
  • 1503-exploits/webgateedvr-overflow.txt
    .html .js polyglot
  • 1503-exploits/webgateedvrmanager-overflow.txt
    .html .js polyglot
  • 1503-exploits/webgatewinrds208-overflow.txt
    .html .js polyglot
  • 1503-exploits/websenseam-exec.txt
  • 1503-exploits/websensecgerror-xss.txt
  • 1503-exploits/websenseds-xss.txt
  • 1503-exploits/websenseexplorer-access.txt
  • 1503-exploits/websenseexplorerreport-xss.txt
  • 1503-exploits/websensereporting-xss.txt
  • 1503-exploits/websensetritonjsp-disclose.txt
  • 1503-exploits/webshophun-sql.txt
  • 1503-exploits/webshophun-traversal.txt
  • 1503-exploits/webshophun-xss.txt
  • 1503-exploits/windows-fileformat-ms15_020_shortcut_icon_dllloader.rb.txt
  • 1503-exploits/windows-smb-ms15_020_shortcut_icon_dllloader.rb.txt
  • 1503-exploits/wondercms06-xss.txt
  • 1503-exploits/wp_foxypress_upload.rb.txt
  • 1503-exploits/wp_infusionsoft_upload.rb.txt
  • 1503-exploits/wp_lastpost_exec.rb.txt
  • 1503-exploits/wp_marketplace_240_add_admin.py.txt
    .sh linux
  • 1503-exploits/wp_optimizepress_upload.rb.txt
  • 1503-exploits/wp_total_cache_exec.rb.txt
  • 1503-exploits/wpabgmt-xssxsrf.txt
  • 1503-exploits/wpabmap-xssxsrf.txt
  • 1503-exploits/wpajaxsearchpro-exec.txt
  • 1503-exploits/wpall-exec.txt
  • 1503-exploits/wpaspose-disclose.txt
  • 1503-exploits/wpasposeceg-download.txt
  • 1503-exploits/wpasposede-disclose.txt
  • 1503-exploits/wpasposeie-disclose.txt
  • 1503-exploits/wpcalculatedfieldsform-sql.txt
  • 1503-exploits/wpcontactformdb-xsrf.txt
  • 1503-exploits/wpdet-shell.txt
  • 1503-exploits/wpdet-sql.txt
  • 1503-exploits/wpdet162-xss.txt
  • 1503-exploits/wpdifferentthemes-escalate.txt
  • 1503-exploits/wpdownloadmanager272-escalate.txt
  • 1503-exploits/wpfraction-escalate.txt
  • 1503-exploits/wphugeitslider-sql.txt
  • 1503-exploits/wpinboundiomarketing-shell.txt
  • 1503-exploits/wpmarketplace240-download.txt
  • 1503-exploits/wpmaxbannerads-xss.txt
  • 1503-exploits/wpmp3jplayer-disclose.txt
  • 1503-exploits/wpnewsletter-openredirect.txt
  • 1503-exploits/wpphotocrati-sql.txt
  • 1503-exploits/wppieregister-xss.txt
  • 1503-exploits/wpreflexgallery313-shell.txt
  • 1503-exploits/wpseoyoast-sql.txt
  • 1503-exploits/wpwpml-missingauth.txt
  • 1503-exploits/wpwpml-sqldeletexss.txt
  • 1503-exploits/wpyoastga-xss.txt
  • 1503-exploits/ws02-xssbypass.txt
  • 1503-exploits/x2engine-xsrf.txt
  • 1503-exploits/yql-xss.txt
  • 1503-exploits/zipprp-dllhijack.txt