Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000003.645343119.000000001BE94000.00000004.00000001.sdmp | String found in binary or memory: http://en.w |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://fontfabrik.com |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.666828004.0000000002F41000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.679709753.0000000002F6C000.00000004.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.699597146.0000000002EA1000.00000004.00000001.sdmp, winhost.exe, 00000010.00000002.709960632.000000000336E000.00000004.00000001.sdmp, winhost.exe, 00000013.00000002.722391711.0000000002AD8000.00000004.00000001.sdmp | String found in binary or memory: http://gpay-safe.ru |
Source: winhost.exe, winhost.exe, 00000013.00000002.718658230.0000000000162000.00000002.00020000.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe | String found in binary or memory: http://gpay-safe.ru/x/ |
Source: winhost.exe, 00000013.00000002.722391711.0000000002AD8000.00000004.00000001.sdmp | String found in binary or memory: http://gpay-safe.ru/x//getCommand.php?id=SGFDa182NUYxRDNBOQ |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.666828004.0000000002F41000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.679744908.0000000002FA0000.00000004.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.700029251.0000000002F20000.00000004.00000001.sdmp, winhost.exe, 00000010.00000002.709960632.000000000336E000.00000004.00000001.sdmp, winhost.exe, 00000013.00000002.722391711.0000000002AD8000.00000004.00000001.sdmp | String found in binary or memory: http://gpay-safe.ru/x//getCommand.php?id=SGFDa182NUYxRDNBOQx |
Source: winhost.exe, 00000013.00000002.722391711.0000000002AD8000.00000004.00000001.sdmp | String found in binary or memory: http://gpay-safe.ru/x//receive.php?command=T25saW5l&vicID=SGFDa182NUYxRDNBOQ |
Source: winhost.exe, 00000008.00000002.679744908.0000000002FA0000.00000004.00000001.sdmp, winhost.exe, 00000010.00000002.709960632.000000000336E000.00000004.00000001.sdmp, winhost.exe, 00000013.00000002.722391711.0000000002AD8000.00000004.00000001.sdmp | String found in binary or memory: http://gpay-safe.ru/x//receive.php?command=T25saW5l&vicID=SGFDa182NUYxRDNBOQx |
Source: winhost.exe, 00000013.00000002.722391711.0000000002AD8000.00000004.00000001.sdmp | String found in binary or memory: http://gpay-safe.ru/x//receive.php?command=VW5pbnN0YWxs&vicID=SGFDa182NUYxRDNBOQ |
Source: winhost.exe, 00000008.00000002.679744908.0000000002FA0000.00000004.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.700029251.0000000002F20000.00000004.00000001.sdmp, winhost.exe, 00000010.00000002.709960632.000000000336E000.00000004.00000001.sdmp, winhost.exe, 00000013.00000002.722391711.0000000002AD8000.00000004.00000001.sdmp | String found in binary or memory: http://gpay-safe.ru/x//receive.php?command=VW5pbnN0YWxs&vicID=SGFDa182NUYxRDNBOQx |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000003.646554695.000000001BECF000.00000004.00000001.sdmp | String found in binary or memory: http://www.apache.o |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000003.649141258.000000001BE94000.00000004.00000001.sdmp | String found in binary or memory: http://www.ascendercorp.com/typedesigners.htmlx |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.carterandcone.coml |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com |
Source: winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/? |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000003.651883264.000000001BED7000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.html |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000003.651567513.000000001BED7000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8 |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers? |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000003.651132557.000000001BED7000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designersP |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.fonts.com |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.goodfont.co.kr |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/ |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.sajatypeworks.com |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.sakkal.com |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.sandoll.co.kr |
Source: winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.tiro.com |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000003.647017703.000000001BECF000.00000004.00000001.sdmp | String found in binary or memory: http://www.tiro.com8 |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.typography.netD |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.urwpp.deDPlease |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 00000000.00000002.670511063.000000001D122000.00000004.00000001.sdmp, winhost.exe, 00000008.00000002.680915248.000000001BD90000.00000002.00000001.sdmp, 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, 0000000C.00000002.705052799.000000001BEB0000.00000002.00000001.sdmp, winhost.exe, 00000010.00000002.715029058.000000001C130000.00000002.00000001.sdmp, winhost.exe, 00000013.00000002.724095756.000000001B760000.00000002.00000001.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, type: SAMPLE | Matched rule: SUSP_Modified_SystemExeFileName_in_File date = 2018-12-11, hash2 = f1f11830b60e6530b680291509ddd9b5a1e5f425550444ec964a08f5f0c1a44e, author = Florian Roth, description = Detecst a variant of a system file name often used by attackers to cloak their activity, reference = https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group, score = 5723f425e0c55c22c6b8bb74afb6b506943012c33b9ec1c928a71307a8c5889a |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, type: SAMPLE | Matched rule: MAL_Winnti_Sample_May18_1 date = 2018-05-04, hash1 = 528d9eaaac67716e6b37dd562770190318c8766fa1b2f33c0974f7d5f6725d41, author = Florian Roth, description = Detects malware sample from Burning Umbrella report - Generic Winnti Rule, reference = https://401trg.pw/burning-umbrella/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, type: SAMPLE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe, type: SAMPLE | Matched rule: HKTL_NET_GUID_BlackNET date = 2020-12-30, author = Arnim Rupp, description = Detects VB.NET red/black-team tools via typelibguid, reference = https://github.com/BlackHacker511/BlackNET, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.2.winhost.exe.160000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_Modified_SystemExeFileName_in_File date = 2018-12-11, hash2 = f1f11830b60e6530b680291509ddd9b5a1e5f425550444ec964a08f5f0c1a44e, author = Florian Roth, description = Detecst a variant of a system file name often used by attackers to cloak their activity, reference = https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group, score = 5723f425e0c55c22c6b8bb74afb6b506943012c33b9ec1c928a71307a8c5889a |
Source: 19.2.winhost.exe.160000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Winnti_Sample_May18_1 date = 2018-05-04, hash1 = 528d9eaaac67716e6b37dd562770190318c8766fa1b2f33c0974f7d5f6725d41, author = Florian Roth, description = Detects malware sample from Burning Umbrella report - Generic Winnti Rule, reference = https://401trg.pw/burning-umbrella/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.2.winhost.exe.160000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.2.winhost.exe.160000.0.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_BlackNET date = 2020-12-30, author = Arnim Rupp, description = Detects VB.NET red/black-team tools via typelibguid, reference = https://github.com/BlackHacker511/BlackNET, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.0.winhost.exe.160000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_Modified_SystemExeFileName_in_File date = 2018-12-11, hash2 = f1f11830b60e6530b680291509ddd9b5a1e5f425550444ec964a08f5f0c1a44e, author = Florian Roth, description = Detecst a variant of a system file name often used by attackers to cloak their activity, reference = https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group, score = 5723f425e0c55c22c6b8bb74afb6b506943012c33b9ec1c928a71307a8c5889a |
Source: 19.0.winhost.exe.160000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Winnti_Sample_May18_1 date = 2018-05-04, hash1 = 528d9eaaac67716e6b37dd562770190318c8766fa1b2f33c0974f7d5f6725d41, author = Florian Roth, description = Detects malware sample from Burning Umbrella report - Generic Winnti Rule, reference = https://401trg.pw/burning-umbrella/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.0.winhost.exe.160000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.0.winhost.exe.160000.0.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_BlackNET date = 2020-12-30, author = Arnim Rupp, description = Detects VB.NET red/black-team tools via typelibguid, reference = https://github.com/BlackHacker511/BlackNET, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe.9b0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_Modified_SystemExeFileName_in_File date = 2018-12-11, hash2 = f1f11830b60e6530b680291509ddd9b5a1e5f425550444ec964a08f5f0c1a44e, author = Florian Roth, description = Detecst a variant of a system file name often used by attackers to cloak their activity, reference = https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group, score = 5723f425e0c55c22c6b8bb74afb6b506943012c33b9ec1c928a71307a8c5889a |
Source: 0.2.4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe.9b0000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Winnti_Sample_May18_1 date = 2018-05-04, hash1 = 528d9eaaac67716e6b37dd562770190318c8766fa1b2f33c0974f7d5f6725d41, author = Florian Roth, description = Detects malware sample from Burning Umbrella report - Generic Winnti Rule, reference = https://401trg.pw/burning-umbrella/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe.9b0000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe.9b0000.0.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_BlackNET date = 2020-12-30, author = Arnim Rupp, description = Detects VB.NET red/black-team tools via typelibguid, reference = https://github.com/BlackHacker511/BlackNET, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 12.2.4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe.810000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_Modified_SystemExeFileName_in_File date = 2018-12-11, hash2 = f1f11830b60e6530b680291509ddd9b5a1e5f425550444ec964a08f5f0c1a44e, author = Florian Roth, description = Detecst a variant of a system file name often used by attackers to cloak their activity, reference = https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group, score = 5723f425e0c55c22c6b8bb74afb6b506943012c33b9ec1c928a71307a8c5889a |
Source: 12.2.4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe.810000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Winnti_Sample_May18_1 date = 2018-05-04, hash1 = 528d9eaaac67716e6b37dd562770190318c8766fa1b2f33c0974f7d5f6725d41, author = Florian Roth, description = Detects malware sample from Burning Umbrella report - Generic Winnti Rule, reference = https://401trg.pw/burning-umbrella/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 12.2.4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe.810000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 12.2.4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe.810000.0.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_BlackNET date = 2020-12-30, author = Arnim Rupp, description = Detects VB.NET red/black-team tools via typelibguid, reference = https://github.com/BlackHacker511/BlackNET, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 16.2.winhost.exe.ae0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_Modified_SystemExeFileName_in_File date = 2018-12-11, hash2 = f1f11830b60e6530b680291509ddd9b5a1e5f425550444ec964a08f5f0c1a44e, author = Florian Roth, description = Detecst a variant of a system file name often used by attackers to cloak their activity, reference = https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group, score = 5723f425e0c55c22c6b8bb74afb6b506943012c33b9ec1c928a71307a8c5889a |
Source: 16.2.winhost.exe.ae0000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Winnti_Sample_May18_1 date = 2018-05-04, hash1 = 528d9eaaac67716e6b37dd562770190318c8766fa1b2f33c0974f7d5f6725d41, author = Florian Roth, description = Detects malware sample from Burning Umbrella report - Generic Winnti Rule, reference = https://401trg.pw/burning-umbrella/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 16.2.winhost.exe.ae0000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 16.2.winhost.exe.ae0000.0.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_BlackNET date = 2020-12-30, author = Arnim Rupp, description = Detects VB.NET red/black-team tools via typelibguid, reference = https://github.com/BlackHacker511/BlackNET, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.0.4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe.9b0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_Modified_SystemExeFileName_in_File date = 2018-12-11, hash2 = f1f11830b60e6530b680291509ddd9b5a1e5f425550444ec964a08f5f0c1a44e, author = Florian Roth, description = Detecst a variant of a system file name often used by attackers to cloak their activity, reference = https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group, score = 5723f425e0c55c22c6b8bb74afb6b506943012c33b9ec1c928a71307a8c5889a |
Source: 0.0.4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe.9b0000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Winnti_Sample_May18_1 date = 2018-05-04, hash1 = 528d9eaaac67716e6b37dd562770190318c8766fa1b2f33c0974f7d5f6725d41, author = Florian Roth, description = Detects malware sample from Burning Umbrella report - Generic Winnti Rule, reference = https://401trg.pw/burning-umbrella/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.0.4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe.9b0000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.0.4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe.9b0000.0.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_BlackNET date = 2020-12-30, author = Arnim Rupp, description = Detects VB.NET red/black-team tools via typelibguid, reference = https://github.com/BlackHacker511/BlackNET, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 16.0.winhost.exe.ae0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_Modified_SystemExeFileName_in_File date = 2018-12-11, hash2 = f1f11830b60e6530b680291509ddd9b5a1e5f425550444ec964a08f5f0c1a44e, author = Florian Roth, description = Detecst a variant of a system file name often used by attackers to cloak their activity, reference = https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group, score = 5723f425e0c55c22c6b8bb74afb6b506943012c33b9ec1c928a71307a8c5889a |
Source: 16.0.winhost.exe.ae0000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Winnti_Sample_May18_1 date = 2018-05-04, hash1 = 528d9eaaac67716e6b37dd562770190318c8766fa1b2f33c0974f7d5f6725d41, author = Florian Roth, description = Detects malware sample from Burning Umbrella report - Generic Winnti Rule, reference = https://401trg.pw/burning-umbrella/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 16.0.winhost.exe.ae0000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 16.0.winhost.exe.ae0000.0.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_BlackNET date = 2020-12-30, author = Arnim Rupp, description = Detects VB.NET red/black-team tools via typelibguid, reference = https://github.com/BlackHacker511/BlackNET, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 12.0.4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe.810000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_Modified_SystemExeFileName_in_File date = 2018-12-11, hash2 = f1f11830b60e6530b680291509ddd9b5a1e5f425550444ec964a08f5f0c1a44e, author = Florian Roth, description = Detecst a variant of a system file name often used by attackers to cloak their activity, reference = https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group, score = 5723f425e0c55c22c6b8bb74afb6b506943012c33b9ec1c928a71307a8c5889a |
Source: 12.0.4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe.810000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Winnti_Sample_May18_1 date = 2018-05-04, hash1 = 528d9eaaac67716e6b37dd562770190318c8766fa1b2f33c0974f7d5f6725d41, author = Florian Roth, description = Detects malware sample from Burning Umbrella report - Generic Winnti Rule, reference = https://401trg.pw/burning-umbrella/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 12.0.4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe.810000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 12.0.4054EE21CBFC210489F119C2D717CA1AE43129FC0D07A.exe.810000.0.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_BlackNET date = 2020-12-30, author = Arnim Rupp, description = Detects VB.NET red/black-team tools via typelibguid, reference = https://github.com/BlackHacker511/BlackNET, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 8.2.winhost.exe.720000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_Modified_SystemExeFileName_in_File date = 2018-12-11, hash2 = f1f11830b60e6530b680291509ddd9b5a1e5f425550444ec964a08f5f0c1a44e, author = Florian Roth, description = Detecst a variant of a system file name often used by attackers to cloak their activity, reference = https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group, score = 5723f425e0c55c22c6b8bb74afb6b506943012c33b9ec1c928a71307a8c5889a |
Source: 8.2.winhost.exe.720000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Winnti_Sample_May18_1 date = 2018-05-04, hash1 = 528d9eaaac67716e6b37dd562770190318c8766fa1b2f33c0974f7d5f6725d41, author = Florian Roth, description = Detects malware sample from Burning Umbrella report - Generic Winnti Rule, reference = https://401trg.pw/burning-umbrella/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 8.2.winhost.exe.720000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 8.2.winhost.exe.720000.0.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_BlackNET date = 2020-12-30, author = Arnim Rupp, description = Detects VB.NET red/black-team tools via typelibguid, reference = https://github.com/BlackHacker511/BlackNET, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 8.0.winhost.exe.720000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_Modified_SystemExeFileName_in_File date = 2018-12-11, hash2 = f1f11830b60e6530b680291509ddd9b5a1e5f425550444ec964a08f5f0c1a44e, author = Florian Roth, description = Detecst a variant of a system file name often used by attackers to cloak their activity, reference = https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group, score = 5723f425e0c55c22c6b8bb74afb6b506943012c33b9ec1c928a71307a8c5889a |
Source: 8.0.winhost.exe.720000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Winnti_Sample_May18_1 date = 2018-05-04, hash1 = 528d9eaaac67716e6b37dd562770190318c8766fa1b2f33c0974f7d5f6725d41, author = Florian Roth, description = Detects malware sample from Burning Umbrella report - Generic Winnti Rule, reference = https://401trg.pw/burning-umbrella/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 8.0.winhost.exe.720000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 8.0.winhost.exe.720000.0.unpack, type: UNPACKEDPE | Matched rule: HKTL_NET_GUID_BlackNET date = 2020-12-30, author = Arnim Rupp, description = Detects VB.NET red/black-team tools via typelibguid, reference = https://github.com/BlackHacker511/BlackNET, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: dropped/winhost.exe, type: DROPPED | Matched rule: SUSP_Modified_SystemExeFileName_in_File date = 2018-12-11, hash2 = f1f11830b60e6530b680291509ddd9b5a1e5f425550444ec964a08f5f0c1a44e, author = Florian Roth, description = Detecst a variant of a system file name often used by attackers to cloak their activity, reference = https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group, score = 5723f425e0c55c22c6b8bb74afb6b506943012c33b9ec1c928a71307a8c5889a |
Source: dropped/winhost.exe, type: DROPPED | Matched rule: MAL_Winnti_Sample_May18_1 date = 2018-05-04, hash1 = 528d9eaaac67716e6b37dd562770190318c8766fa1b2f33c0974f7d5f6725d41, author = Florian Roth, description = Detects malware sample from Burning Umbrella report - Generic Winnti Rule, reference = https://401trg.pw/burning-umbrella/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: dropped/winhost.exe, type: DROPPED | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: dropped/winhost.exe, type: DROPPED | Matched rule: HKTL_NET_GUID_BlackNET date = 2020-12-30, author = Arnim Rupp, description = Detects VB.NET red/black-team tools via typelibguid, reference = https://github.com/BlackHacker511/BlackNET, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\AppData\Local\Temp\Microsoft\MyClient\winhost.exe, type: DROPPED | Matched rule: SUSP_Modified_SystemExeFileName_in_File date = 2018-12-11, hash2 = f1f11830b60e6530b680291509ddd9b5a1e5f425550444ec964a08f5f0c1a44e, author = Florian Roth, description = Detecst a variant of a system file name often used by attackers to cloak their activity, reference = https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group, score = 5723f425e0c55c22c6b8bb74afb6b506943012c33b9ec1c928a71307a8c5889a |
Source: C:\Users\user\AppData\Local\Temp\Microsoft\MyClient\winhost.exe, type: DROPPED | Matched rule: MAL_Winnti_Sample_May18_1 date = 2018-05-04, hash1 = 528d9eaaac67716e6b37dd562770190318c8766fa1b2f33c0974f7d5f6725d41, author = Florian Roth, description = Detects malware sample from Burning Umbrella report - Generic Winnti Rule, reference = https://401trg.pw/burning-umbrella/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\AppData\Local\Temp\Microsoft\MyClient\winhost.exe, type: DROPPED | Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\AppData\Local\Temp\Microsoft\MyClient\winhost.exe, type: DROPPED | Matched rule: HKTL_NET_GUID_BlackNET date = 2020-12-30, author = Arnim Rupp, description = Detects VB.NET red/black-team tools via typelibguid, reference = https://github.com/BlackHacker511/BlackNET, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |