Managed XDR

cisco-ironport.pdf — malware analysis report

File info

Filename
cisco-ironport.pdf
File type
PDF document, version 1.4
File size
66.4 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
2b25d7a74d031d5e9ea8dca5a9934c0458273057
SHA256
77e1dba1271b83089ba749d1f9254d66a4e092a78423044ca8e1cf4fc6770db8
MD5
2a6cbbe87c395feb73fc79375f8cc95d

Signatures

Initial Access

T1192 html_urls: HTML-document downloads a file

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.002 async_mouse: Watches for mouse clicks using GetAsyncKeyState to detect human activity
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.002 async_mouse: Watches for mouse clicks using GetAsyncKeyState to detect human activity

Other

yara_rules: Static rules
pdf_compressed_stream: Contains an object with compressed stream
get_policy_info: Retrieves information about a Policy object
office_links: Office file contains external links
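The pdf_compressed_stream and html_urls signatures above are the two a triage analyst follows up first: the interesting content of a malicious PDF (URI actions, embedded JavaScript) usually sits inside FlateDecode streams that a plain string search never sees. The script below is an added example, not part of this report or of the sandbox's own tooling. It builds a small constructed PDF (not the analysed file) with two compressed stream objects, inflates every FlateDecode stream, and reports URIs and objects carrying JavaScript. The object and stream regexes are deliberately simple and assume no object streams (/ObjStm) and no filters other than FlateDecode; other filters are passed through raw and a corrupt stream is flagged rather than dropped.

```python
"""Inflate FlateDecode streams in a PDF and pull out URIs / JavaScript.

Added triage example for the pdf_compressed_stream / html_urls signatures.
The sample PDF is constructed here; it is not the analysed cisco-ironport.pdf.
"""
import re
import zlib


def build_sample_pdf() -> bytes:
    """Constructed minimal PDF: object 3 hides a /URI action and object 4 a
    /JavaScript action, both inside FlateDecode streams."""
    uri_action = b"<< /S /URI /URI (http://example.invalid/payload.exe) >>"
    js_action = b"<< /S /JavaScript /JS (app.alert(1)) >>"
    uri_body = zlib.compress(uri_action)
    js_body = zlib.compress(js_action)
    return (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
        b"3 0 obj << /Length " + str(len(uri_body)).encode()
        + b" /Filter /FlateDecode >>\nstream\n" + uri_body + b"\nendstream\nendobj\n"
        b"4 0 obj << /Length " + str(len(js_body)).encode()
        + b" /Filter /FlateDecode >>\nstream\n" + js_body + b"\nendstream\nendobj\n"
        b"trailer << /Root 1 0 R >>\n%%EOF\n"
    )


# One indirect object: "N G obj ... endobj" (assumes no /ObjStm containers).
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj(.*?)endobj", re.S)
# Stream dictionary plus raw stream bytes inside one object.
STREAM_RE = re.compile(rb"<<(.*?)>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def extract_streams(pdf: bytes):
    """Yield (object number, stream dictionary, decoded bytes) per stream object.
    Only /FlateDecode is inflated; other filters are returned raw."""
    for obj in OBJ_RE.finditer(pdf):
        objnum = int(obj.group(1))
        stream = STREAM_RE.search(obj.group(3))
        if stream is None:
            continue  # object has no stream
        dictionary, raw = stream.group(1), stream.group(2)
        if b"/FlateDecode" in dictionary:
            try:
                data = zlib.decompress(raw)
            except zlib.error:
                # Truncated or deliberately corrupt stream: keep the raw
                # bytes and mark the dictionary so the analyst notices.
                data = raw
                dictionary += b" /DecodeError true"
        else:
            data = raw
        yield objnum, dictionary, data


def find_indicators(pdf: bytes) -> dict:
    """Collect URIs and JavaScript-bearing object numbers from decoded streams."""
    uris, js_objects = [], []
    for objnum, _dictionary, data in extract_streams(pdf):
        uris.extend(u.decode("latin-1") for u in URI_RE.findall(data))
        if b"/JavaScript" in data or b"/JS" in data:
            js_objects.append(objnum)
    return {"uris": uris, "javascript_objects": js_objects}


if __name__ == "__main__":
    print(find_indicators(build_sample_pdf()))
```

Run it on a real sample by replacing build_sample_pdf() with the file's bytes. Anything the script surfaces (here the URI and object 4's /JavaScript action) is a lead, not a verdict: the same strings would also have to be checked against the sandbox's network capture to confirm the html_urls behaviour actually fired at runtime.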