General
-
Target
KUA1a.pdf
-
Size
189KB
-
MD5
2c8e814def48bca110fc710bdf162099
-
SHA1
5e6794405a7a30b65085d3059ada43b9c1603e9a
-
SHA256
76d790d4341a1b90372cfb14b3d5b635b5be8b960739182e5ed46b652f0bafc4
-
SHA512
614518247ab405a1ab0ac1b1f72dc536d1529ba623d932e794900a6de2ca911c4ce4602593d51f037d10b50dec263d552f7332380e1d75c7fc6cdfbbcd916dfe
-
SSDEEP
3072:S4S3H4JyxGOvaMaaxAV2SF2cKo7pouprRdOPVpBg+0JQxa3VKSmkWsmKJDMTL5m1:S4EHmyxiiAV3F2cKrsqa3VKSpRMf5mhH
Malware Config
Signatures
-
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
-
PDF has QR code that contains a HTTP URL
PDFs with URL QR codes are often used for phishing
-
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
Files
-
KUA1a.pdf
-
http://de-CHwww.gbssg.ch
-
http://gbssg.ch
-
http://www.gbssg.ch/
-
https://forms.office.com/Pages/ResponsePage.aspx?id=vUGvXYwzEUOxsOEpmInDS6E_0WkO7epJmBWAS3cP5qZUQ1JEMzZTOThORlowMTI2QThGNDBOR0ZYRS4u
-
https://forms.office.com/Pages/ResponsePage.aspx?id=vUGvXYwzEUOxsOEpmInDS6E_0WkO7epJmBWAS3cP5qZURDJWRFpGNzI0NzVJRVRXM1VOWDlGOEQ4MC4u&origin=QRCode
-
https://l.ead.me/bcBos2
-
https://l.ead.me/bcBowz
-
https://pauliph.com/de/shop
-
https://pauliph.com/de/shopde-CH
- Show all
-