- ManBearPig pdf linking history @ enenews.com
- -----------------------------------------------------------------------------------------------
- disclosure: direct-linked PDFs may be malicious files & possible BIOS attack - BEWARE!!!
- (the odds are extremely low, but cannot be ruled out yet; space added before ://)
- VirusTotal notes for most files (quote)
- "Probably harmless! There are strong indicators suggesting that this file is safe to use."
- Anubis seems potentially more revealing ...
- -----------------------------------------------------------------------------------------------
- October 11, 2014 at 12:24 am - http://enenews.com/latest-govt-models-show-typhoon-making-direct-hit-fukushima-center-vongfong-expected-be-nuclear-plant-tuesday-maps/comment-page-1#comment-585961
- http ://www.safety.vanderbilt.edu/rad/nrc-reg-guide-8.13.pdf
- October 15, 2014 at 8:57 pm - http://enenews.com/govt-issues-inundation-warning-fukushima-daiichi-years-strongest-storm-approaches-tepco-bracing-overflows-officials-warn-torrential-rains-landslides-ground-loosening-south-plant-danger-tornad/comment-page-3#comment-588258
- http ://www.eurosafe-forum.org/files/pe_382_24_1_seminar2_01_2005.pdf
- October 15, 2014 at 10:51 pm - http://enenews.com/govt-issues-inundation-warning-fukushima-daiichi-years-strongest-storm-approaches-tepco-bracing-overflows-officials-warn-torrential-rains-landslides-ground-loosening-south-plant-danger-tornad/comment-page-3#comment-588362
- http ://earth.geology.yale.edu/~ajs/1960/ajs_258A_11.pdf/151.pdf
- https://www.virustotal.com/en/file/40cc4cc26b57e41e55f327634891a5386b7621de999572e26fabefeffa48c0da/analysis/1416046750/
- Quote: "This PDF document contains AcroForm objects. AcroForm Objects can specify and launch scripts or actions, that is why they are often abused by attackers."
- http://anubis.iseclab.org/?action=result&task_id=173d2c99c7ef13cb45531df4c08326f25&format=html
- http ://anubis.iseclab.org/?action=result&task_id=173d2c99c7ef13cb45531df4c08326f25&download=traffic.pcap
- https://www.virustotal.com/en/file/0c43d1c08e84475c91e622b1efdee19abfae1ac2a551d7906329cf87b66fdb57/analysis/1416069787/
- Quote: "PCAP file! The file being studied is a network traffic capture, when studying it with intrusion detection systems Snort triggered 1 alert and Suricata triggered 3 alert."
- ... "Intrusion Detection System
- Snort 1 alert
- Suricata 3 alerts"
- ... "Wireshark file metadata
- File encapsulation Ethernet
- Number of packets 120
- Data size 89088 bytes"
- ... "Snort alerts Sourcefire VRT ruleset
- BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt (Attempted User Privilege Gain)
- Suricata alerts Emerging Threats ETPro ruleset
- ET POLICY Reserved Internal IP Traffic (Potentially Bad Traffic)
- ET POLICY Internet Explorer 6 in use - Significant Security Risk (Potential Corporate Privacy Violation)
- ET INFO PDF Using CCITTFax Filter (Potentially Bad Traffic)"
- ... "earth.geology.yale.edu 130.132.22.55"
- (note: not definitive, flagged for further investigation)
- October 17, 2014 at 1:23 am - http://enenews.com/pbs-plague-hit-west-coast-hard-year-biologists-fear-species-going-extinct-experts-largest-outbreak-oceans-terms-numbers-species-affected-geographic-scale-mortality-people-kids-before-theyre-all/comment-page-2#comment-589179
- https ://www.orau.org/ptp/PTP%20Library/library/Subject/Plutonium/plutonium2.pdf
- https://www.virustotal.com/en/url/67f8b5abd8979c791f2786a1e0d177e11e62b1beaaf4b13ac05f2ef08681bc12/analysis/
- Quote: "HTTP Communication error - There was an unexpected error when trying to retrieve the response"
- http://anubis.iseclab.org/?action=result&task_id=1e7a67a95f43b5114c915fef8f923c38a&format=html
- October 17, 2014 at 12:42 pm - http://enenews.com/top-5/comment-page-1#comment-589403
- http ://energy.utexas.edu/files/2014/06/Eslinger-2014-JER-Fukushima-Source.pdf
- https://www.virustotal.com/en/file/25ce9ab8f93a2f23b4763ccb77f520da27c392438216eb98b1b043e0375bf1c2/analysis/1416046843/
- Quote: "This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
- This PDF document contains 17 object streams. A stream object is just a sequence of bytes and very often is only used to store images and page descriptions, however, since it is not limited in length many attackers use these artifacts in conjunction with filters to obfuscate other objects. "
- http://anubis.iseclab.org/?action=result&task_id=1b0d5dd14764399646db2c039779928c4&format=html
- October 17, 2014 at 12:48 pm - http://enenews.com/top-5/comment-page-1#comment-589414
- http ://energy.utexas.edu/files/2014/06/Eslinger-2014-JER-Fukushima-Source.pdf
- as above (copy)
- October 17, 2014 at 11:32 pm - http://enenews.com/top-5/comment-page-1#comment-589912
- http ://digitool.library.colostate.edu///exlibris/dtl/d3_1/apache_media/L2V4bGlicmlzL2R0bC9kM18xL2FwYWNoZV9tZWRpYS8yMDc5Mjg=.pdf
- https://www.virustotal.com/en/file/ac73c4ab320a3f290a10406e95d217939340688792f12797ed5736a2c2acdb4f/analysis/1416046547/
- Quote: "This PDF file contains 1 JavaScript block. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent."
- http://anubis.iseclab.org/?action=result&task_id=18f7d9ce635b77ce41d85d8497637249e&format=html
- October 17, 2014 at 11:36 pm - http://enenews.com/top-5/comment-page-1#comment-589918
- http ://www.ans.org/pi/ps/docs/ps47-bi.pdf
- https://www.virustotal.com/en/file/2c4223ea228a88540001d1b99fbd5f1316df2270ee886ec955fd7e24a08b50aa/analysis/1416047170/
- Quote: "This PDF document contains 9 object streams. A stream object is just a sequence of bytes and very often is only used to store images and page descriptions, however, since it is not limited in length many attackers use these artifacts in conjunction with filters to obfuscate other objects."
- http://anubis.iseclab.org/?action=result&task_id=193d2f7a4c9b9083441ed989f97831934&format=html
- http ://anubis.iseclab.org/?action=result&task_id=193d2f7a4c9b9083441ed989f97831934&download=traffic.pcap
- https://www.virustotal.com/en/url/03c8e9fd29f38d617ffb906874759641498513c6061f724734ef0feeb8f2542b/analysis/1416070919/
- (inconclusive - download & upload to Anubis)
- https://www.virustotal.com/en/file/7a794cd011c3f5bf64aef63affc33cfb89776b75eb2cfee428a2d7056f2dcac6/analysis/1416071001/
- Quote: "PCAP file! The file being studied is a network traffic capture, when studying it with intrusion detection systems Snort triggered 2 alerts and Suricata triggered 2 alerts. "
- ... "Intrusion Detection System"
- ... "Snort 2 alerts
- Suricata 2 alerts"
- ... "Wireshark file metadata
- File encapsulation Ethernet
- Number of packets 63
- Data size 41788 bytes"
- ... " Snort alerts Sourcefire VRT ruleset
- (spp_sdf) SDF Combination Alert (Sensitive Data was Transmitted Across the Network)
- BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt (Attempted User Privilege Gain)
- Suricata alerts Emerging Threats ETPro ruleset
- ET POLICY Reserved Internal IP Traffic (Potentially Bad Traffic)
- ET POLICY Internet Explorer 6 in use - Significant Security Risk (Potential Corporate Privacy Violation)"
- ... "DNS requests www.ans.org 206.222.45.7, 173.167.163.230, 199.19.56.1"
- (note: not definitive, flagged for further investigation - 3 separate IP addresses though???)
- October 17, 2014 at 11:38 pm - http://enenews.com/top-5/comment-page-1#comment-589922
- http ://web.ornl.gov/~webworks/cpr/v823/rpt/109264.pdf
- October 17, 2014 at 11:39 pm - http://enenews.com/top-5/comment-page-1#comment-589924
- https ://www.oecd-nea.org/science/docs/2007/nsc-doc2007-6.pdf
- https://www.virustotal.com/en/file/945c79fa9bbef9286b01f422e284c6fe2189ff21f5c6e5f9732b8718e5bb4394/analysis/1416064139/
- Quote: "This PDF file contains 1 JavaScript block. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
- This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF."
- http://anubis.iseclab.org/?action=result&task_id=19a05d41e78269f34257819cc626e920d&format=html
- October 19, 2014 at 11:35 am - http://enenews.com/top-5/comment-page-1#comment-590754
- http ://www-pub.iaea.org/MTCD/publications/PDF/te_1601_web.pdf
- https://www.virustotal.com/en/file/08df0e133e48e87325ca0aa8e083f51afb7a4738efa239989103c30813bde194/analysis/1416047503/
- Quote: "This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
- This PDF document contains AcroForm objects. AcroForm Objects can specify and launch scripts or actions, that is why they are often abused by attackers.
- This PDF document has Digital Rights Management or needs a password to be read."
- http://anubis.iseclab.org/?action=result&task_id=10acd33d394d7230419600d32bda8597b&format=html
- October 20, 2014 at 11:49 pm - http://enenews.com/govt-report-reveals-fukushima-radioactive-release-larger-chernobyl-japan-reactors-could-emitted-four-times-cesium-137/comment-page-1#comment-591781
- http ://behavior.vetmed.ucdavis.edu/local-assets/pdfs/Inappropriate_Mounting_in_Dogs.pdf
- October 23, 2014 at 5:08 pm - http://enenews.com/sailor-fukushima-impact-dead-thousands-miles-pacific-ocean-between-japan-talking-about-makes-feel-like-cry-birds-fish-sharks-dolphins-turtles-theyre-all-gone-audio/comment-page-1#comment-593778
- http ://apps.who.int/iris/bitstream/10665/78373/1/WHO_HSE_PHE_2013.1_eng.pdf
- https://www.virustotal.com/en/file/aed62e6804e87473726e4c85f2a6b83b8497425eca7c2a06323705aacbe83058/analysis/1416046642/
- Quote: "This PDF document contains 1 object stream. A stream object is just a sequence of bytes and very often is only used to store images and page descriptions, however, since it is not limited in length many attackers use these artifacts in conjunction with filters to obfuscate other objects."
- http://anubis.iseclab.org/?action=result&task_id=1e10c80ec7f86eaa4d5ac2c601dec32ac&format=html
- (Adobe Updater triggered)
- http ://anubis.iseclab.org/?action=result&task_id=1e10c80ec7f86eaa4d5ac2c601dec32ac&download=traffic.pcap
- https://www.virustotal.com/en/url/fee4fac9788a6f12b92816ef7eabec7401bc273652449f75b782fbd5e5bf9c99/analysis/1416072656/
- (inconclusive - download & upload to Anubis)
- https://www.virustotal.com/en/file/37bd9de6bbdb7dbb472612866eff65e94439023b60062a906c70667de3e7ef8e/analysis/1416072923/
- Quote: "PCAP file! The file being studied is a network traffic capture, when studying it with intrusion detection systems Snort triggered 0 alerts and Suricata triggered 2 alerts."
- ... "Intrusion Detection System"
- ... "Snort 0 alerts
- Suricata 2 alerts"
- ... "Wireshark file metadata
- File encapsulation Ethernet
- Number of packets 98
- Data size 48564 bytes"
- ... "DNS requests apps.who.int 158.232.12.85"
- ... "Suricata alerts Emerging Threats ETPro ruleset
- ET POLICY Reserved Internal IP Traffic (Potentially Bad Traffic)
- ET POLICY Internet Explorer 6 in use - Significant Security Risk (Potential Corporate Privacy Violation)"
- (note: not definitive, flagged for further investigation)