PULSE NAME
Phishing PDF Files Downloading Malicious Packages - ASEC BLOG
WHITE CyberHunter_NL 2023-11-08 Modified: 2023-12-08
19 IOCs
MEDIUM VOLUME
A study carried out by AhnLab Security Emergency Response Center (ASEC) suggests that phishing PDF files containing malicious URLs are being distributed under the guise of downloading certain programs.
Indicators of Compromise (19)