PDF “Flawed Design” Exploitation
May 14, 2024, 6:03 p.m.
Description
Check Point Research identified an unusual pattern of PDF exploitation that mainly targets users of Foxit Reader. The exploit triggers security warnings that could deceive users into executing harmful commands. It relies on a flawed design in Foxit Reader, which shows 'OK' as the default option in these warnings and can lead users to ignore them and execute malicious code. Various threat actors, from e-crime to espionage groups, have actively used this exploit, taking advantage of its low detection rate. The campaigns use techniques such as distributing malicious PDFs via links and using legitimate hosting platforms, and they achieve impressive attack chains.
Date
- Created: May 14, 2024, 3:30 p.m.
- Published: May 14, 2024, 3:30 p.m.
- Modified: May 14, 2024, 6:03 p.m.
Indicators