Analysis of ‘MalDoc in PDF’
Tags
maec-delivery-vectors: Watering Hole
attack-pattern:
- Data
- Malware - T1587.001
- Malware - T1588.001
- Server - T1583.004
- Server - T1584.004
- Tool - T1588.002
Common Information
Type | Value |
---|---|
UUID | 7a5eed6f-acfd-4b28-a613-6950d5a5a007 |
Fingerprint | a2e53b5209a713af |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Aug. 30, 2023, 10:28 a.m. |
Added to db | Aug. 31, 2024, 7:09 a.m. |
Last updated | Aug. 31, 2024, 8:56 p.m. |
Headline | Analysis of ‘MalDoc in PDF’ |
Title | Analysis of ‘MalDoc in PDF’ |
Detected Hints/Tags/Attributes | 25/2/8 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 169 | ✔ | Maldoc on Medium | https://medium.com/feed/tag/maldoc | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 3 | | cloudmetricsapp.com |
Details | File | 1 | | 0723request.pdf |
Details | File | 1 | | image7891805.jpg |
Details | File | 1 | | macro.bin |
Details | sha256 | 4 | | ef59d7038cfd565fd65bae12588810d5361df938244ebad33b71882dcf683058 |
Details | IPv4 | 1 | | 179.60.147.105 |
Details | Url | 1 | | https://cloudmetricsapp.com/wp-content/uploads/docs/addin.msi |
Details | Yara rule | 1 | | MaldocinPDF (full rule text below) |

Yara rule attribute, restored to its original multi-line layout:

```yara
rule MaldocinPDF {
    meta:
        description = "Detecting MalDocs in PDF"
    strings:
        // MHT (MIME HTML) markers that an embedded Word/Excel MHT object carries
        $mht0 = "mime" ascii nocase
        $mht1 = "content-location:" ascii nocase
        $mht2 = "content-type:" ascii nocase
        $mht3 = "Edit-Time-Data" ascii nocase
        // Office MHT namespace tags identifying a Word document or Excel workbook
        $doc = "<w:WordDocument>" ascii nocase
        $xls = "<x:ExcelWorkbook>" ascii nocase
    condition:
        // 0x46445025 read little-endian at offset 0 is the "%PDF" header
        (uint32(0) == 0x46445025) and
        (2 of ($mht*)) and
        ((1 of ($doc)) or (1 of ($xls)))
}
```