Malicious Appsuite PDF Editor Spreads TamperedChef Malware
A large cybercrime campaign has been observed involving multiple fraudulent websites promoted through Google advertising. The campaign aims to trick users into downloading and installing a trojanized PDF editor containing the TamperedChef information-stealing malware. The malware harvests sensitive data, including credentials and web cookies. The campaign began on June 26, 2025, with the PDF editor initially appearing harmless but later activating malicious capabilities. The threat actor used Google advertising to promote the PDF editor, with at least 5 different campaign IDs observed. The malware's activation occurred 56 days after the campaign's start, coinciding with a typical Google ad campaign duration. The threat actor has a history of distributing malicious code disguised as free utility tools, and this campaign has successfully affected several European organizations.
AI Analysis
Technical Summary
The threat involves a widespread cybercrime campaign distributing a trojanized PDF editor named Appsuite PDF Editor, which is a vector for the TamperedChef malware. This campaign leverages fraudulent websites promoted via Google advertising to lure victims into downloading what appears to be a legitimate PDF editing tool. The malware is an information stealer designed to harvest sensitive data such as user credentials and web cookies, enabling attackers to gain unauthorized access to victim accounts and systems. The campaign began on June 26, 2025, and notably, the malicious payload activates 56 days after the initial download, aligning with typical Google ad campaign durations to evade early detection. The threat actor behind this campaign has a history of distributing malware disguised as free utility software, indicating a persistent and evolving modus operandi. The malware employs multiple advanced techniques, including obfuscation and various tactics mapped to MITRE ATT&CK techniques such as credential dumping (T1555), process injection (T1055), command execution (T1059), and persistence mechanisms (T1547.001). The campaign has successfully compromised several European organizations, highlighting its effectiveness and reach. No known exploits in the wild have been reported, but the stealthy activation delay and use of trusted advertising platforms increase the risk of widespread infection.
Potential Impact
For European organizations, the impact of this threat is significant. The theft of credentials and web cookies can lead to unauthorized access to corporate networks, email accounts, and cloud services, potentially resulting in data breaches, intellectual property theft, and financial fraud. The delayed activation of the malware complicates detection and incident response, allowing attackers to establish persistence and conduct reconnaissance before triggering malicious activities. Organizations in sectors with high reliance on PDF tools and remote work environments are particularly vulnerable, as users may be more inclined to download utility software from online ads. The campaign's use of Google advertising also means that even security-conscious organizations could be exposed if employees interact with these ads. The compromise of sensitive data can lead to regulatory penalties under GDPR, reputational damage, and operational disruption. Additionally, the malware’s capability to execute various post-exploitation techniques increases the risk of lateral movement and further compromise within affected networks.
Mitigation Recommendations
To mitigate this threat, European organizations should implement a multi-layered defense strategy:
1) Enhance user awareness training focusing on the risks of downloading software from unverified sources, especially those promoted via online ads.
2) Employ application whitelisting to prevent unauthorized or unknown software installations.
3) Utilize advanced endpoint detection and response (EDR) solutions capable of detecting delayed activation behaviors and suspicious process injections.
4) Monitor network traffic for unusual outbound connections that may indicate data exfiltration or command and control communication.
5) Restrict the use of administrative privileges and implement credential hygiene practices, including multifactor authentication (MFA), to limit the impact of stolen credentials.
6) Regularly audit and update security policies regarding software procurement and installation.
7) Collaborate with advertising platforms to report and block fraudulent ads promoting malicious software.
8) Conduct threat hunting exercises focusing on indicators of compromise related to TamperedChef and similar malware.
9) Implement strict cookie management policies and consider isolating browser sessions to reduce cookie theft risks.
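The delayed activation described above is what makes the EDR and threat-hunting recommendations hard in practice: by the time persistence or credential-store access appears, the install event may have aged out of the alert's lookback window. The following is an added example, not part of the original report or any vendor's tooling; the event types, tuple layout, hosts and paths are constructed assumptions standing in for whatever endpoint telemetry is available.

```python
"""Retrospective hunt: software that sits dormant, then starts behaving badly.

All telemetry below is constructed for illustration. Event type names and the
(host, timestamp, event, image) layout are assumptions, not a real EDR schema.
"""
from datetime import datetime, timedelta

# Behaviours counted as "activation", keyed to ATT&CK IDs cited in the report.
SUSPICIOUS = {
    "run_key_set": "T1547.001",     # Run key / Startup folder persistence
    "browser_store_read": "T1555",  # reads of browser credential/cookie stores
}

SAMPLE_EVENTS = [  # constructed sample data
    ("ws-014", "2025-06-30T09:12:00", "file_created", r"C:\Users\a\AppData\Local\ExamplePdfTool\tool.exe"),
    ("ws-014", "2025-06-30T09:13:00", "process_start", r"C:\Users\a\AppData\Local\ExamplePdfTool\tool.exe"),
    ("ws-014", "2025-08-21T14:02:00", "run_key_set", r"C:\Users\a\AppData\Local\ExamplePdfTool\Tool.exe"),
    ("ws-014", "2025-08-21T14:03:10", "browser_store_read", r"C:\Users\a\AppData\Local\ExamplePdfTool\tool.exe"),
    # Ordinary installer: sets its Run key seconds after install, so no dormancy.
    ("ws-022", "2025-08-18T10:00:00", "file_created", r"C:\Program Files\ExampleUpdater\upd.exe"),
    ("ws-022", "2025-08-18T10:00:05", "run_key_set", r"C:\Program Files\ExampleUpdater\upd.exe"),
    ("ws-031", "2025-08-01T08:00:00", "file_created", r"C:\Users\b\AppData\Local\ExampleNotes\notes.exe"),
    ("ws-031", "2025-08-20T08:30:00", "browser_store_read", r"C:\Users\b\AppData\Local\ExampleNotes\notes.exe"),
]


def find_dormant_activations(events, min_dormancy_days=14, retention_days=30):
    """Flag (host, image) pairs whose first suspicious behaviour comes long
    after the image was first seen on that host."""
    first_seen = {}  # (host, image) -> earliest event of any type
    first_bad = {}   # (host, image) -> (time, event type) of earliest suspicious event
    for host, ts, etype, image in events:
        t = datetime.fromisoformat(ts)
        key = (host, image.lower())  # Windows paths are case-insensitive
        if key not in first_seen or t < first_seen[key]:
            first_seen[key] = t
        if etype in SUSPICIOUS and (key not in first_bad or t < first_bad[key][0]):
            first_bad[key] = (t, etype)

    findings = []
    for key, (bad_t, etype) in first_bad.items():
        dormancy = bad_t - first_seen[key]
        if dormancy < timedelta(days=min_dormancy_days):
            continue  # behaviour at install time is common for legitimate software
        findings.append({
            "host": key[0],
            "image": key[1],
            "first_seen": first_seen[key],
            "activated": bad_t,
            "technique": SUSPICIOUS[etype],
            "dormancy_days": dormancy.days,
            # True when a lookback of retention_days from the alert would no
            # longer contain the install event, so triage loses the origin.
            "install_outside_retention": dormancy > timedelta(days=retention_days),
        })
    return sorted(findings, key=lambda f: f["dormancy_days"], reverse=True)


if __name__ == "__main__":
    for f in find_dormant_activations(SAMPLE_EVENTS):
        print(f["host"], f["technique"], f"{f['dormancy_days']}d dormant",
              "install outside retention" if f["install_outside_retention"] else "",
              f["image"])
```

Running this over telemetry kept longer than the standard alert lookback is the point: the same logic over a 30-day window would see the activation on ws-014 but not where the binary came from.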
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Indicators of Compromise
Technical Details
- Author: AlienVault
- TLP: white
- References: https://www.truesec.com/hub/blog/tamperedchef-the-bad-pdf-editor
- Adversary: null
- Pulse Id: 68b05ada69e45706752086fa
- Threat Score: null
Threat ID: 68b05e04ad5a09ad006d2ef7
Added to database: 8/28/2025, 1:47:48 PM
Last enriched: 8/28/2025, 2:05:24 PM
Last updated: 8/31/2025, 6:43:09 PM