{
	"id": "9b153e98-71b5-419e-bf5c-58304d4cc4ee",
	"created_at": "2026-04-06T00:15:22.825926Z",
	"updated_at": "2026-04-10T13:12:35.692342Z",
	"deleted_at": null,
	"sha1_hash": "3f4237c1d94999bad7a30320144464197444c739",
	"title": "C2_Communication_of_ThreatNeedle.pdf",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 31198,
	"plain_text": "C2_Communication_of_ThreatNeedle.pdf\r\nArchived: 2026-04-05 17:11:55 UTC\r\nSida 4 av 27\r\n01. Server Analysis\r\nAn attacker could exploit this\r\nvulerrability to execute arbitrary code on\r\nthe system with privileges of the victim.\r\nATMFD.dll in the Windows font library in\r\nMicrosoft Windows OS allows remote\r\nattackers to execute arbitrary code via a\r\ncrafted web site.\r\nCVE-2016-7256\r\nIIS remote code execution vulnerability.\r\nThe ScStoragePathFromUrl function has\r\na buffer overflow vulnerability in the IIS\r\n6.0 WebDAV service on Windows\r\nServer 2003. The vulnerability allows an\r\nattacker to run arbitrary code by\r\nconstructing a PROPFIND request with\r\na long header. So hackers can exsploit\r\nthe vulnerability by running code\r\nremotely.\r\nCVE-2017-7269\r\nA webshell is a script written in the\r\nsupported language of a target web\r\nhttps://drive.google.com/file/d/1XoGQFEJQ4nFAUXSGwcnTobviQ_ms35mG/view\r\nPage 1 of 2\n\nserver to be uplodaded to enable remote\r\naccess and administration of the\r\nmachine. The shell gives the creator the\r\nability to crate, edit, download any file of\r\nchoice, top of the list for infiltrators is\r\nusing a web shell to gain root access to\r\nserver.\r\nWebshell\r\nSource: https://drive.google.com/file/d/1XoGQFEJQ4nFAUXSGwcnTobviQ_ms35mG/view\r\nhttps://drive.google.com/file/d/1XoGQFEJQ4nFAUXSGwcnTobviQ_ms35mG/view\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://drive.google.com/file/d/1XoGQFEJQ4nFAUXSGwcnTobviQ_ms35mG/view"
	],
	"report_names": [
		"view"
	],
	"threat_actors": [],
	"ts_created_at": 1775434522,
	"ts_updated_at": 1775826755,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3f4237c1d94999bad7a30320144464197444c739.pdf",
		"text": "https://archive.orkl.eu/3f4237c1d94999bad7a30320144464197444c739.txt",
		"img": "https://archive.orkl.eu/3f4237c1d94999bad7a30320144464197444c739.jpg"
	}
}