PDF Files Weaponized to Deliver Multiple Ransomware Variants
WHITE CyberHunter_NL 2023-11-10 Modified: 2023-12-10
Hackers are using PDF files to deliver ransomware variants, according to the AhnLab Security Emergency Response Center (ASEC) in South Korea, which has warned that PDF files are a prime target for malware delivery.
Indicators of Compromise (20)