Source: CVbJSUXraQ.exe, type: SAMPLE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: CVbJSUXraQ.exe, type: SAMPLE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: CVbJSUXraQ.exe, type: SAMPLE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 6.0.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Vermin Keylogger Author: Florian Roth |
Source: 6.0.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 6.0.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 6.0.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 6.0.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 6.0.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 1.3.CVbJSUXraQ.exe.3800000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 10.3.SystemPropertiesPerformance.exe.187c7b0.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 7.2.CVbJSUXraQ.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 5.0.svchost.exe.c9ac50.8.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 5.0.svchost.exe.cc5c50.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 5.0.svchost.exe.c60000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 10.0.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Vermin Keylogger Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 7.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 7.2.CVbJSUXraQ.exe.ee5bac.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.ee5bac.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.ee5bac.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.ee5bac.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.ee5bac.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 10.3.SystemPropertiesPerformance.exe.1924408.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 1.2.CVbJSUXraQ.exe.ee5bac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 1.2.CVbJSUXraQ.exe.ee5bac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 1.2.CVbJSUXraQ.exe.ee5bac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 1.2.CVbJSUXraQ.exe.ee5bac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 1.2.CVbJSUXraQ.exe.ee5bac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 5.2.svchost.exe.c60000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 4.0.vnc.exe.ab6000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 5.0.svchost.exe.c60000.3.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 10.3.SystemPropertiesPerformance.exe.14d0000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 7.2.CVbJSUXraQ.exe.f14fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Vermin Keylogger Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.f14fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.f14fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.f14fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.f14fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.f14fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.f14fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 10.3.SystemPropertiesPerformance.exe.5ce01cc.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 10.3.SystemPropertiesPerformance.exe.5ce01cc.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.3.SystemPropertiesPerformance.exe.5ce01cc.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.3.SystemPropertiesPerformance.exe.5ce01cc.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 10.3.SystemPropertiesPerformance.exe.5ce01cc.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 10.3.SystemPropertiesPerformance.exe.5ce45cc.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 10.3.SystemPropertiesPerformance.exe.5ce45cc.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.3.SystemPropertiesPerformance.exe.5ce45cc.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.3.SystemPropertiesPerformance.exe.5ce45cc.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 10.3.SystemPropertiesPerformance.exe.5ce45cc.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 10.3.SystemPropertiesPerformance.exe.5ce45cc.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 10.3.SystemPropertiesPerformance.exe.18f9408.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 1.3.CVbJSUXraQ.exe.1833408.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 1.0.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Vermin Keylogger Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 10.2.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Vermin Keylogger Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 7.0.CVbJSUXraQ.exe.f14fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Vermin Keylogger Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.f14fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.f14fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.f14fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.f14fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.f14fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.f14fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 1.3.CVbJSUXraQ.exe.175f8e0.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 10.0.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.3.unpack, type: UNPACKEDPE | Matched rule: Detects Vermin Keylogger Author: Florian Roth |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.3.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.3.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 1.3.CVbJSUXraQ.exe.3800000.6.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 1.3.CVbJSUXraQ.exe.175f8e0.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 1.3.CVbJSUXraQ.exe.1808408.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.0.unpack, type: UNPACKEDPE | Matched rule: Detects Vermin Keylogger Author: Florian Roth |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.0.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 5.2.svchost.exe.cc5c50.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 4.0.vnc.exe.ae1000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 5.0.svchost.exe.c9ac50.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 1.2.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Vermin Keylogger Author: Florian Roth |
Source: 1.2.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 1.2.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 1.2.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 1.2.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 1.2.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 1.2.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 10.2.SystemPropertiesPerformance.exe.a40000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.a40000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.a40000.0.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 5.0.svchost.exe.cc5c50.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 10.3.SystemPropertiesPerformance.exe.18517b0.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 5.0.svchost.exe.c60000.6.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 4.2.vnc.exe.ab6000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 4.2.vnc.exe.ae1000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 5.2.svchost.exe.c9ac50.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 1.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 1.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 1.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 1.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 1.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 1.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 10.0.SystemPropertiesPerformance.exe.a40000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.a40000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.a40000.0.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.ee5bac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.ee5bac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.ee5bac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.ee5bac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.ee5bac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 5.0.svchost.exe.cc5c50.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 10.3.SystemPropertiesPerformance.exe.14d0000.4.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 6.2.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Vermin Keylogger Author: Florian Roth |
Source: 6.2.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 6.2.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 6.2.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 6.2.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 6.2.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.ee5bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.ee5bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.ee5bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.ee5bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.ee5bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 10.2.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 10.3.SystemPropertiesPerformance.exe.187c7b0.3.unpack, type: UNPACKEDPE | Matched rule: Azorult Payload Author: kevoreilly |
Source: 7.2.CVbJSUXraQ.exe.db0000.1.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.db0000.1.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.db0000.1.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 10.0.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 7.0.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 7.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 10.3.SystemPropertiesPerformance.exe.5d0f5cc.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Vermin Keylogger Author: Florian Roth |
Source: 10.3.SystemPropertiesPerformance.exe.5d0f5cc.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: 10.3.SystemPropertiesPerformance.exe.5d0f5cc.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.3.SystemPropertiesPerformance.exe.5d0f5cc.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 10.3.SystemPropertiesPerformance.exe.5d0f5cc.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 10.3.SystemPropertiesPerformance.exe.5d0f5cc.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: 10.3.SystemPropertiesPerformance.exe.5d0f5cc.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 5.0.svchost.exe.c9ac50.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 1.2.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 1.2.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 1.2.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 1.0.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: 00000001.00000003.686336521.0000000001887000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000013.00000000.745828436.0000000000DF2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000017.00000000.783293959.0000000000AA2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 0000000A.00000003.797016218.0000000005C71000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000004.00000000.684341973.0000000000AB6000.00000008.00020000.sdmp, type: MEMORY | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 00000004.00000002.749080496.0000000000AB6000.00000008.00020000.sdmp, type: MEMORY | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 00000012.00000000.724863626.00000000003F2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000013.00000002.754022001.0000000000DF2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000001.00000003.684577030.000000000176B000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 0000000A.00000003.790922233.00000000014D0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Azorult Payload Author: kevoreilly |
Source: 0000000D.00000000.706677041.0000000000882000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000012.00000002.732311496.00000000003F2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000015.00000000.775754648.0000000000DA6000.00000008.00020000.sdmp, type: MEMORY | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 00000006.00000000.686167876.0000000000F12000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 0000000A.00000003.785992209.000000000184E000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000006.00000002.707649613.0000000000F12000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000007.00000000.687913717.0000000000E77000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 0000000D.00000002.938115894.0000000000882000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000001.00000000.668699670.0000000000E77000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 0000000A.00000000.695543942.0000000000B07000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000018.00000000.790493423.0000000000B07000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 0000000A.00000003.784574167.00000000018F6000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000001.00000003.686395578.0000000001805000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 0000000E.00000002.737013238.00000000001B2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 0000000A.00000003.776479918.000000000184E000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000001.00000002.939820117.0000000000E77000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000017.00000002.797076892.0000000000AA2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000015.00000002.950447510.0000000000DA6000.00000008.00020000.sdmp, type: MEMORY | Matched rule: Detects Zloader hidden VNC Author: @VK_Intel |
Source: 00000001.00000003.689148939.0000000003800000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Azorult Payload Author: kevoreilly |
Source: 00000007.00000002.939563903.0000000000E77000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 0000000E.00000000.708127388.00000000001B2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000018.00000002.796549316.0000000000B07000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 0000000A.00000002.938805237.0000000000B07000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: C:\Users\user\AppData\Roaming\SubDir\winsock.exe, type: DROPPED | Matched rule: Detects Vermin Keylogger Author: Florian Roth |
Source: C:\Users\user\AppData\Roaming\SubDir\winsock.exe, type: DROPPED | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: C:\Users\user\AppData\Roaming\SubDir\winsock.exe, type: DROPPED | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: C:\Users\user\AppData\Roaming\SubDir\winsock.exe, type: DROPPED | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: C:\Users\user\AppData\Roaming\SubDir\winsock.exe, type: DROPPED | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: C:\Users\user\AppData\Roaming\SubDir\winsock.exe, type: DROPPED | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: C:\Users\user\AppData\Local\Temp\windef.exe, type: DROPPED | Matched rule: Detects Vermin Keylogger Author: Florian Roth |
Source: C:\Users\user\AppData\Local\Temp\windef.exe, type: DROPPED | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: C:\Users\user\AppData\Local\Temp\windef.exe, type: DROPPED | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: C:\Users\user\AppData\Local\Temp\windef.exe, type: DROPPED | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: C:\Users\user\AppData\Local\Temp\windef.exe, type: DROPPED | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: C:\Users\user\AppData\Local\Temp\windef.exe, type: DROPPED | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: dropped/windef.exe, type: DROPPED | Matched rule: Detects Vermin Keylogger Author: Florian Roth |
Source: dropped/windef.exe, type: DROPPED | Matched rule: Detects Patchwork malware Author: Florian Roth |
Source: dropped/windef.exe, type: DROPPED | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: dropped/windef.exe, type: DROPPED | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: dropped/windef.exe, type: DROPPED | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: dropped/windef.exe, type: DROPPED | Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth |
Source: C:\Users\user\btpanui\SystemPropertiesPerformance.exe, type: DROPPED | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: C:\Users\user\btpanui\SystemPropertiesPerformance.exe, type: DROPPED | Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: C:\Users\user\btpanui\SystemPropertiesPerformance.exe, type: DROPPED | Matched rule: Detects QuasarRAT malware Author: Florian Roth |
Source: CVbJSUXraQ.exe, type: SAMPLE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: CVbJSUXraQ.exe, type: SAMPLE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: CVbJSUXraQ.exe, type: SAMPLE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 6.0.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.0.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.0.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.0.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 6.0.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 6.0.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.3.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.3.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 1.3.CVbJSUXraQ.exe.3800000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 10.3.SystemPropertiesPerformance.exe.187c7b0.3.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 10.3.SystemPropertiesPerformance.exe.187c7b0.3.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 7.2.CVbJSUXraQ.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 5.0.svchost.exe.c9ac50.8.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 5.0.svchost.exe.c9ac50.8.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 5.0.svchost.exe.cc5c50.7.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 5.0.svchost.exe.cc5c50.7.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 5.0.svchost.exe.c60000.0.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 5.0.svchost.exe.c60000.0.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 10.0.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.0.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 10.0.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.0.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.0.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 10.0.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 10.0.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.0.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 7.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 7.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 7.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 7.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 7.2.CVbJSUXraQ.exe.ee5bac.4.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.CVbJSUXraQ.exe.ee5bac.4.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.CVbJSUXraQ.exe.ee5bac.4.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 7.2.CVbJSUXraQ.exe.ee5bac.4.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 7.2.CVbJSUXraQ.exe.ee5bac.4.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.2.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 10.2.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.2.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.2.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 10.2.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 10.2.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.2.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 10.3.SystemPropertiesPerformance.exe.1924408.0.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 10.3.SystemPropertiesPerformance.exe.1924408.0.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 1.2.CVbJSUXraQ.exe.ee5bac.2.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.CVbJSUXraQ.exe.ee5bac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.CVbJSUXraQ.exe.ee5bac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 1.2.CVbJSUXraQ.exe.ee5bac.2.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 1.2.CVbJSUXraQ.exe.ee5bac.2.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 1.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 1.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 1.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.0.CVbJSUXraQ.exe.ee9fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 5.2.svchost.exe.c60000.0.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 5.2.svchost.exe.c60000.0.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 4.0.vnc.exe.ab6000.1.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 4.0.vnc.exe.ab6000.1.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 5.0.svchost.exe.c60000.3.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 5.0.svchost.exe.c60000.3.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 10.3.SystemPropertiesPerformance.exe.14d0000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 7.2.CVbJSUXraQ.exe.f14fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.CVbJSUXraQ.exe.f14fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 7.2.CVbJSUXraQ.exe.f14fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.CVbJSUXraQ.exe.f14fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.CVbJSUXraQ.exe.f14fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 7.2.CVbJSUXraQ.exe.f14fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 7.2.CVbJSUXraQ.exe.f14fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.CVbJSUXraQ.exe.f14fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 10.3.SystemPropertiesPerformance.exe.5ce01cc.5.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.3.SystemPropertiesPerformance.exe.5ce01cc.5.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.3.SystemPropertiesPerformance.exe.5ce01cc.5.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 10.3.SystemPropertiesPerformance.exe.5ce01cc.5.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 10.3.SystemPropertiesPerformance.exe.5ce01cc.5.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.3.SystemPropertiesPerformance.exe.5ce45cc.6.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 10.3.SystemPropertiesPerformance.exe.5ce45cc.6.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.3.SystemPropertiesPerformance.exe.5ce45cc.6.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.3.SystemPropertiesPerformance.exe.5ce45cc.6.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 10.3.SystemPropertiesPerformance.exe.5ce45cc.6.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 10.3.SystemPropertiesPerformance.exe.5ce45cc.6.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.3.SystemPropertiesPerformance.exe.5ce45cc.6.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 10.3.SystemPropertiesPerformance.exe.18f9408.1.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 10.3.SystemPropertiesPerformance.exe.18f9408.1.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 1.3.CVbJSUXraQ.exe.1833408.5.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 1.3.CVbJSUXraQ.exe.1833408.5.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 1.0.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.0.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 1.0.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.0.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.0.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 1.0.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 1.0.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.0.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 10.2.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.2.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 10.2.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.2.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.2.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 10.2.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 10.2.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.2.SystemPropertiesPerformance.exe.ba4fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 7.0.CVbJSUXraQ.exe.f14fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.0.CVbJSUXraQ.exe.f14fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 7.0.CVbJSUXraQ.exe.f14fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.0.CVbJSUXraQ.exe.f14fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.0.CVbJSUXraQ.exe.f14fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 7.0.CVbJSUXraQ.exe.f14fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 7.0.CVbJSUXraQ.exe.f14fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.0.CVbJSUXraQ.exe.f14fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 1.3.CVbJSUXraQ.exe.175f8e0.1.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 1.3.CVbJSUXraQ.exe.175f8e0.1.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 10.0.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 10.0.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.0.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.0.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 10.0.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 10.0.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.0.SystemPropertiesPerformance.exe.b79fac.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.3.unpack, type: UNPACKEDPE | Matched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.3.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.3.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.0.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.0.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 1.3.CVbJSUXraQ.exe.3800000.6.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 1.3.CVbJSUXraQ.exe.175f8e0.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 1.3.CVbJSUXraQ.exe.175f8e0.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 1.3.CVbJSUXraQ.exe.1808408.4.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 1.3.CVbJSUXraQ.exe.1808408.4.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.0.unpack, type: UNPACKEDPE | Matched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.0.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.3.CVbJSUXraQ.exe.178a8e0.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 5.2.svchost.exe.cc5c50.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 5.2.svchost.exe.cc5c50.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 4.0.vnc.exe.ae1000.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 4.0.vnc.exe.ae1000.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 5.0.svchost.exe.c9ac50.5.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 5.0.svchost.exe.c9ac50.5.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 1.2.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 1.2.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 1.2.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 1.2.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.CVbJSUXraQ.exe.f14fac.1.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 10.2.SystemPropertiesPerformance.exe.a40000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.2.SystemPropertiesPerformance.exe.a40000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 10.2.SystemPropertiesPerformance.exe.a40000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 5.0.svchost.exe.cc5c50.4.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 5.0.svchost.exe.cc5c50.4.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 10.3.SystemPropertiesPerformance.exe.18517b0.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 10.3.SystemPropertiesPerformance.exe.18517b0.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 5.0.svchost.exe.c60000.6.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 5.0.svchost.exe.c60000.6.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 4.2.vnc.exe.ab6000.1.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 4.2.vnc.exe.ab6000.1.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 4.2.vnc.exe.ae1000.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 4.2.vnc.exe.ae1000.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 5.2.svchost.exe.c9ac50.1.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 5.2.svchost.exe.c9ac50.1.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 1.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 1.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 1.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 1.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 10.0.SystemPropertiesPerformance.exe.a40000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.0.SystemPropertiesPerformance.exe.a40000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 10.0.SystemPropertiesPerformance.exe.a40000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 1.0.CVbJSUXraQ.exe.ee5bac.3.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.0.CVbJSUXraQ.exe.ee5bac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.0.CVbJSUXraQ.exe.ee5bac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 1.0.CVbJSUXraQ.exe.ee5bac.3.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 1.0.CVbJSUXraQ.exe.ee5bac.3.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 5.0.svchost.exe.cc5c50.1.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 5.0.svchost.exe.cc5c50.1.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 10.3.SystemPropertiesPerformance.exe.14d0000.4.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 6.2.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.2.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.2.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 6.2.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 6.2.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 6.2.windef.exe.f10000.0.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.0.CVbJSUXraQ.exe.ee5bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.0.CVbJSUXraQ.exe.ee5bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.0.CVbJSUXraQ.exe.ee5bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 7.0.CVbJSUXraQ.exe.ee5bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 7.0.CVbJSUXraQ.exe.ee5bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.2.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.2.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.2.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 10.2.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 10.2.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.3.SystemPropertiesPerformance.exe.187c7b0.3.unpack, type: UNPACKEDPE | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 7.2.CVbJSUXraQ.exe.db0000.1.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.CVbJSUXraQ.exe.db0000.1.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 7.2.CVbJSUXraQ.exe.db0000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 10.0.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.0.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.0.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 10.0.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 10.0.SystemPropertiesPerformance.exe.b75bac.1.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.0.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.0.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 7.0.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 7.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 7.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 7.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 7.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.CVbJSUXraQ.exe.ee9fac.3.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 10.3.SystemPropertiesPerformance.exe.5d0f5cc.7.raw.unpack, type: UNPACKEDPE | Matched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.3.SystemPropertiesPerformance.exe.5d0f5cc.7.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 10.3.SystemPropertiesPerformance.exe.5d0f5cc.7.raw.unpack, type: UNPACKEDPE | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.3.SystemPropertiesPerformance.exe.5d0f5cc.7.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.3.SystemPropertiesPerformance.exe.5d0f5cc.7.raw.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 10.3.SystemPropertiesPerformance.exe.5d0f5cc.7.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 10.3.SystemPropertiesPerformance.exe.5d0f5cc.7.raw.unpack, type: UNPACKEDPE | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 10.3.SystemPropertiesPerformance.exe.5d0f5cc.7.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 5.0.svchost.exe.c9ac50.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 5.0.svchost.exe.c9ac50.2.raw.unpack, type: UNPACKEDPE | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 1.2.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 1.2.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 1.0.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.0.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: 1.0.CVbJSUXraQ.exe.db0000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: 00000001.00000003.686336521.0000000001887000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000013.00000000.745828436.0000000000DF2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000017.00000000.783293959.0000000000AA2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0000000A.00000003.797016218.0000000005C71000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000004.00000000.684341973.0000000000AB6000.00000008.00020000.sdmp, type: MEMORY | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 00000004.00000000.684341973.0000000000AB6000.00000008.00020000.sdmp, type: MEMORY | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 00000004.00000002.749080496.0000000000AB6000.00000008.00020000.sdmp, type: MEMORY | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 00000004.00000002.749080496.0000000000AB6000.00000008.00020000.sdmp, type: MEMORY | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 00000012.00000000.724863626.00000000003F2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000013.00000002.754022001.0000000000DF2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000001.00000003.684577030.000000000176B000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0000000A.00000003.790922233.00000000014D0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 0000000D.00000000.706677041.0000000000882000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000012.00000002.732311496.00000000003F2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000015.00000000.775754648.0000000000DA6000.00000008.00020000.sdmp, type: MEMORY | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 00000015.00000000.775754648.0000000000DA6000.00000008.00020000.sdmp, type: MEMORY | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 00000006.00000000.686167876.0000000000F12000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0000000A.00000003.785992209.000000000184E000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000006.00000002.707649613.0000000000F12000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000007.00000000.687913717.0000000000E77000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0000000D.00000002.938115894.0000000000882000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000001.00000000.668699670.0000000000E77000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0000000A.00000000.695543942.0000000000B07000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000018.00000000.790493423.0000000000B07000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0000000A.00000003.784574167.00000000018F6000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000001.00000003.686395578.0000000001805000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0000000E.00000002.737013238.00000000001B2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0000000A.00000003.776479918.000000000184E000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000001.00000002.939820117.0000000000E77000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000017.00000002.797076892.0000000000AA2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000015.00000002.950447510.0000000000DA6000.00000008.00020000.sdmp, type: MEMORY | Matched rule: crime_win32_hvnc_banker_gen date = 2020-04-06, author = @VK_Intel, description = Detects malware banker hidden VNC, reference = https://twitter.com/VK_Intel/status/1247058432223477760 |
Source: 00000015.00000002.950447510.0000000000DA6000.00000008.00020000.sdmp, type: MEMORY | Matched rule: crime_win32_hvnc_zloader1_hvnc_generic date = 2020-03-21, author = @VK_Intel, description = Detects Zloader hidden VNC, reference = https://twitter.com/malwrhunterteam/status/1240664014121828352 |
Source: 00000001.00000003.689148939.0000000003800000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Azorult_1 author = kevoreilly, description = Azorult Payload, cape_type = Azorult Payload |
Source: 00000007.00000002.939563903.0000000000E77000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0000000E.00000000.708127388.00000000001B2000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000018.00000002.796549316.0000000000B07000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0000000A.00000002.938805237.0000000000B07000.00000002.00020000.sdmp, type: MEMORY | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\AppData\Roaming\SubDir\winsock.exe, type: DROPPED | Matched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\AppData\Roaming\SubDir\winsock.exe, type: DROPPED | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\AppData\Roaming\SubDir\winsock.exe, type: DROPPED | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\AppData\Roaming\SubDir\winsock.exe, type: DROPPED | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: C:\Users\user\AppData\Roaming\SubDir\winsock.exe, type: DROPPED | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: C:\Users\user\AppData\Roaming\SubDir\winsock.exe, type: DROPPED | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\AppData\Local\Temp\windef.exe, type: DROPPED | Matched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\AppData\Local\Temp\windef.exe, type: DROPPED | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\AppData\Local\Temp\windef.exe, type: DROPPED | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\AppData\Local\Temp\windef.exe, type: DROPPED | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: C:\Users\user\AppData\Local\Temp\windef.exe, type: DROPPED | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: C:\Users\user\AppData\Local\Temp\windef.exe, type: DROPPED | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: dropped/windef.exe, type: DROPPED | Matched rule: Vermin_Keylogger_Jan18_1 date = 2018-01-29, hash5 = 24956d8edcf2a1fd26805ec58cfd1ee7498e1a59af8cc2f4b832a7ab34948c18, hash4 = 4c5e019e0e55a3fe378aa339d52c235c06ecc5053625a5d54d65c4ae38c6e3da, hash3 = 0157b43eb3c20928b77f8700ad8eb279a0aa348921df074cd22ebaff01edaae6, hash2 = e1d917769267302d58a2fd00bc49d4aee5a472227a75f9366b46ce243e9cbef7, hash1 = 74ba162eef84bf13d1d79cb26192a4692c09fed57f321230ddb7668a88e3935d, author = Florian Roth, description = Detects Vermin Keylogger, hash6 = 2963c5eacaad13ace807edd634a4a5896cb5536f961f43afcf8c1f25c08a5eef, reference = https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: dropped/windef.exe, type: DROPPED | Matched rule: xRAT_1 date = 2017-12-11, hash2 = f1a45adcf907e660ec848c6086e28c9863b7b70d0d38417dd05a4261973c955a, hash1 = 92be93ec4cbe76182404af0b180871fbbfa3c7b34e4df6745dbcde480b8b4b3b, author = Florian Roth, description = Detects Patchwork malware, reference = https://goo.gl/Pg3P4W, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: dropped/windef.exe, type: DROPPED | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: dropped/windef.exe, type: DROPPED | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: dropped/windef.exe, type: DROPPED | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |
Source: dropped/windef.exe, type: DROPPED | Matched rule: CN_disclosed_20180208_KeyLogger_1 date = 2018-02-08, hash1 = c492889e1d271a98e15264acbb21bfca9795466882520d55dc714c4899ed2fcf, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://www.virustotal.com/graph/#/selected/n120z79z208z189/drawer/graph-details, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\btpanui\SystemPropertiesPerformance.exe, type: DROPPED | Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\btpanui\SystemPropertiesPerformance.exe, type: DROPPED | Matched rule: Quasar_RAT_2 date = 2017-04-07, hash3 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash2 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740 |
Source: C:\Users\user\btpanui\SystemPropertiesPerformance.exe, type: DROPPED | Matched rule: MAL_QuasarRAT_May19_1 date = 2019-05-27, hash1 = 0644e561225ab696a97ba9a77583dcaab4c26ef0379078c65f9ade684406eded, author = Florian Roth, description = Detects QuasarRAT malware, reference = https://blog.ensilo.com/uncovering-new-activity-by-apt10 |