Source: 3.3.order_of_quotationpdf.exe.718718.0.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth (Nextron Systems) |
Source: 3.2.order_of_quotationpdf.exe.562070.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth (Nextron Systems) |
Source: 0.2.order_of_quotationpdf.exe.4724960.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth (Nextron Systems) |
Source: 0.2.order_of_quotationpdf.exe.37194b8.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth (Nextron Systems) |
Source: 0.2.order_of_quotationpdf.exe.4774980.9.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth (Nextron Systems) |
Source: 3.2.order_of_quotationpdf.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth (Nextron Systems) |
Source: 3.2.order_of_quotationpdf.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth (Nextron Systems) |
Source: 3.2.order_of_quotationpdf.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.2.order_of_quotationpdf.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.2.order_of_quotationpdf.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Detects SystemBC Author: ditekSHen |
Source: 3.2.order_of_quotationpdf.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 3.2.order_of_quotationpdf.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth (Nextron Systems) |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth (Nextron Systems) |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.unpack, type: UNPACKEDPE | Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.unpack, type: UNPACKEDPE | Matched rule: Detects SystemBC Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.3.order_of_quotationpdf.exe.715910.2.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth (Nextron Systems) |
Source: 3.2.order_of_quotationpdf.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth (Nextron Systems) |
Source: 3.2.order_of_quotationpdf.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.2.order_of_quotationpdf.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects SystemBC Author: ditekSHen |
Source: 3.2.order_of_quotationpdf.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 3.2.order_of_quotationpdf.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth (Nextron Systems) |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth (Nextron Systems) |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects SystemBC Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 0.2.order_of_quotationpdf.exe.37d6318.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth (Nextron Systems) |
Source: 0.2.order_of_quotationpdf.exe.37d6318.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth (Nextron Systems) |
Source: 0.2.order_of_quotationpdf.exe.37d6318.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 0.2.order_of_quotationpdf.exe.37d6318.1.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth (Nextron Systems) |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth (Nextron Systems) |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.raw.unpack, type: UNPACKEDPE | Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.raw.unpack, type: UNPACKEDPE | Matched rule: Detects SystemBC Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth (Nextron Systems) |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth (Nextron Systems) |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.unpack, type: UNPACKEDPE | Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.unpack, type: UNPACKEDPE | Matched rule: Detects SystemBC Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.3.order_of_quotationpdf.exe.716ea8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth (Nextron Systems) |
Source: 3.3.order_of_quotationpdf.exe.716ea8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth (Nextron Systems) |
Source: 3.3.order_of_quotationpdf.exe.716ea8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.3.order_of_quotationpdf.exe.716ea8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.3.order_of_quotationpdf.exe.716ea8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects SystemBC Author: ditekSHen |
Source: 3.3.order_of_quotationpdf.exe.716ea8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 3.3.order_of_quotationpdf.exe.716ea8.1.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.3.order_of_quotationpdf.exe.718718.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth (Nextron Systems) |
Source: 3.3.order_of_quotationpdf.exe.718718.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth (Nextron Systems) |
Source: 3.3.order_of_quotationpdf.exe.718718.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.3.order_of_quotationpdf.exe.718718.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.3.order_of_quotationpdf.exe.718718.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects SystemBC Author: ditekSHen |
Source: 3.3.order_of_quotationpdf.exe.718718.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 3.3.order_of_quotationpdf.exe.718718.0.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.3.order_of_quotationpdf.exe.727100.3.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.3.order_of_quotationpdf.exe.727100.3.unpack, type: UNPACKEDPE | Matched rule: Detects SystemBC Author: ditekSHen |
Source: 3.3.order_of_quotationpdf.exe.727100.3.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 0.2.order_of_quotationpdf.exe.37cd994.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth (Nextron Systems) |
Source: 0.2.order_of_quotationpdf.exe.37cd994.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth (Nextron Systems) |
Source: 0.2.order_of_quotationpdf.exe.37cd994.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.37cd994.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.37cd994.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects SystemBC Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.37cd994.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 0.2.order_of_quotationpdf.exe.37cd994.0.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.3.order_of_quotationpdf.exe.715910.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth (Nextron Systems) |
Source: 3.3.order_of_quotationpdf.exe.715910.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth (Nextron Systems) |
Source: 3.3.order_of_quotationpdf.exe.715910.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.3.order_of_quotationpdf.exe.715910.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.3.order_of_quotationpdf.exe.715910.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects SystemBC Author: ditekSHen |
Source: 3.3.order_of_quotationpdf.exe.715910.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 3.3.order_of_quotationpdf.exe.715910.2.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 0.2.order_of_quotationpdf.exe.37cc124.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth (Nextron Systems) |
Source: 0.2.order_of_quotationpdf.exe.37cc124.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth (Nextron Systems) |
Source: 0.2.order_of_quotationpdf.exe.37cc124.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.37cc124.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.37cc124.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects SystemBC Author: ditekSHen |
Source: 0.2.order_of_quotationpdf.exe.37cc124.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 0.2.order_of_quotationpdf.exe.37cc124.3.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 00000000.00000002.401456152.0000000003747000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 00000003.00000002.586825371.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth (Nextron Systems) |
Source: 00000003.00000002.586825371.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 00000003.00000002.586825371.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects SystemBC Author: ditekSHen |
Source: 00000003.00000002.586825371.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 00000003.00000002.586825371.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: AveMaria_WarZone Author: unknown |
Source: 00000003.00000003.403463816.0000000000715000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 00000000.00000002.402471739.0000000004749000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 00000000.00000002.402471739.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 00000000.00000002.401456152.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AveMaria_31d2bce9 Author: unknown |
Source: 3.3.order_of_quotationpdf.exe.718718.0.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.3.order_of_quotationpdf.exe.718718.0.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.2.order_of_quotationpdf.exe.562070.0.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.2.order_of_quotationpdf.exe.562070.0.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.4724960.6.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.4724960.6.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.37194b8.4.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.37194b8.4.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.4774980.9.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.4774980.9.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.2.order_of_quotationpdf.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.2.order_of_quotationpdf.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.2.order_of_quotationpdf.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth (Nextron Systems), description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.2.order_of_quotationpdf.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.2.order_of_quotationpdf.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.2.order_of_quotationpdf.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC |
Source: 3.2.order_of_quotationpdf.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |
Source: 3.2.order_of_quotationpdf.exe.400000.2.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth (Nextron Systems), description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.3.order_of_quotationpdf.exe.715910.2.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.3.order_of_quotationpdf.exe.715910.2.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.2.order_of_quotationpdf.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth (Nextron Systems), description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.2.order_of_quotationpdf.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.2.order_of_quotationpdf.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC |
Source: 3.2.order_of_quotationpdf.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |
Source: 3.2.order_of_quotationpdf.exe.400000.2.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth (Nextron Systems), description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |
Source: 0.2.order_of_quotationpdf.exe.46f94f0.5.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0.2.order_of_quotationpdf.exe.37d6318.1.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.37d6318.1.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.37d6318.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth (Nextron Systems), description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.order_of_quotationpdf.exe.37d6318.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |
Source: 0.2.order_of_quotationpdf.exe.37d6318.1.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth (Nextron Systems), description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth (Nextron Systems), description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |
Source: 0.2.order_of_quotationpdf.exe.4749510.10.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.3.order_of_quotationpdf.exe.716ea8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.3.order_of_quotationpdf.exe.716ea8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.3.order_of_quotationpdf.exe.716ea8.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth (Nextron Systems), description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.3.order_of_quotationpdf.exe.716ea8.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.3.order_of_quotationpdf.exe.716ea8.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.3.order_of_quotationpdf.exe.716ea8.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC |
Source: 3.3.order_of_quotationpdf.exe.716ea8.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |
Source: 3.3.order_of_quotationpdf.exe.716ea8.1.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.3.order_of_quotationpdf.exe.718718.0.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.3.order_of_quotationpdf.exe.718718.0.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.3.order_of_quotationpdf.exe.718718.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth (Nextron Systems), description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.3.order_of_quotationpdf.exe.718718.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.3.order_of_quotationpdf.exe.718718.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.3.order_of_quotationpdf.exe.718718.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC |
Source: 3.3.order_of_quotationpdf.exe.718718.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |
Source: 3.3.order_of_quotationpdf.exe.718718.0.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.3.order_of_quotationpdf.exe.727100.3.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.3.order_of_quotationpdf.exe.727100.3.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC |
Source: 3.3.order_of_quotationpdf.exe.727100.3.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0.2.order_of_quotationpdf.exe.37cd994.0.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.37cd994.0.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.37cd994.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth (Nextron Systems), description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.order_of_quotationpdf.exe.37cd994.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 0.2.order_of_quotationpdf.exe.37cd994.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 0.2.order_of_quotationpdf.exe.37cd994.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC |
Source: 0.2.order_of_quotationpdf.exe.37cd994.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |
Source: 0.2.order_of_quotationpdf.exe.37cd994.0.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.3.order_of_quotationpdf.exe.715910.2.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.3.order_of_quotationpdf.exe.715910.2.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.3.order_of_quotationpdf.exe.715910.2.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth (Nextron Systems), description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.3.order_of_quotationpdf.exe.715910.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.3.order_of_quotationpdf.exe.715910.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.3.order_of_quotationpdf.exe.715910.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC |
Source: 3.3.order_of_quotationpdf.exe.715910.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |
Source: 3.3.order_of_quotationpdf.exe.715910.2.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0.2.order_of_quotationpdf.exe.37cc124.3.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.37cc124.3.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.order_of_quotationpdf.exe.37cc124.3.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth (Nextron Systems), description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.order_of_quotationpdf.exe.37cc124.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 0.2.order_of_quotationpdf.exe.37cc124.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 0.2.order_of_quotationpdf.exe.37cc124.3.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC |
Source: 0.2.order_of_quotationpdf.exe.37cc124.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |
Source: 0.2.order_of_quotationpdf.exe.37cc124.3.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000003.00000002.586825371.0000000000561000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000000.00000002.401456152.0000000003747000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000000.00000002.401456152.0000000003747000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |
Source: 00000003.00000002.586825371.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth (Nextron Systems), description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000003.00000002.586825371.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 00000003.00000002.586825371.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_EXEPWSH_DLAgent author = ditekSHen, description = Detects SystemBC |
Source: 00000003.00000002.586825371.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |
Source: 00000003.00000002.586825371.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000003.00000003.403463816.0000000000715000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000003.00000003.403463816.0000000000715000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |
Source: 00000000.00000002.402471739.0000000004749000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000000.00000002.402471739.0000000004749000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |
Source: 00000000.00000002.402471739.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000000.00000002.402471739.00000000046B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |
Source: 00000000.00000002.401456152.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth (Nextron Systems), description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000000.00000002.401456152.00000000036A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_AveMaria_31d2bce9 reference_sample = 5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b, os = windows, severity = x86, creation_date = 2021-05-30, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AveMaria, fingerprint = 8f75e2d8308227a42743168deb021de18ad485763fd257991c5e627c025c30c0, id = 31d2bce9-3266-447b-9a2d-57cf11a0ff1f, last_modified = 2021-08-23 |