Source: Yara match | File source: 17.3.hesaphareketi-01.exe.eca788.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.hesaphareketi-01.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.hesaphareketi-01.exe.3623fa8.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.hesaphareketi-01.exe.3659650.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.3.hesaphareketi-01.exe.eca788.5.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.hesaphareketi-01.exe.3699ae0.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.3.hesaphareketi-01.exe.eca788.8.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.hesaphareketi-01.exe.3659650.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.3.hesaphareketi-01.exe.eca788.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.3.hesaphareketi-01.exe.eca788.3.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.3.hesaphareketi-01.exe.ec8f18.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.3.hesaphareketi-01.exe.ec4848.11.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.3.hesaphareketi-01.exe.ec4848.10.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.hesaphareketi-01.exe.26f135c.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.3.hesaphareketi-01.exe.ecbd20.6.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.hesaphareketi-01.exe.3681670.6.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.3.hesaphareketi-01.exe.ecbd20.7.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.3.hesaphareketi-01.exe.ec4848.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.3.hesaphareketi-01.exe.ecbd20.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.3.hesaphareketi-01.exe.eca788.8.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.hesaphareketi-01.exe.3681670.6.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000011.00000003.375307414.0000000000EC7000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000011.00000003.375440152.0000000000EC9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000011.00000003.375317154.0000000000EC9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.372661566.0000000003681000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.372473445.00000000026B7000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000011.00000002.510538676.000000000054F000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.372592569.0000000003609000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: hesaphareketi-01.exe PID: 1700, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: hesaphareketi-01.exe PID: 6512, type: MEMORYSTR |
Source: 17.3.hesaphareketi-01.exe.eca788.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 17.2.hesaphareketi-01.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 17.2.hesaphareketi-01.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 17.2.hesaphareketi-01.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 0.2.hesaphareketi-01.exe.3623fa8.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 0.2.hesaphareketi-01.exe.3623fa8.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.hesaphareketi-01.exe.3623fa8.3.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 0.2.hesaphareketi-01.exe.3659650.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 0.2.hesaphareketi-01.exe.3659650.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.hesaphareketi-01.exe.3659650.4.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 17.3.hesaphareketi-01.exe.eca788.5.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 0.2.hesaphareketi-01.exe.3699ae0.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 17.3.hesaphareketi-01.exe.eca788.8.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 0.2.hesaphareketi-01.exe.3659650.4.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 0.2.hesaphareketi-01.exe.3659650.4.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.hesaphareketi-01.exe.3659650.4.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 17.3.hesaphareketi-01.exe.eca788.3.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 17.3.hesaphareketi-01.exe.eca788.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 17.2.hesaphareketi-01.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 17.2.hesaphareketi-01.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 17.3.hesaphareketi-01.exe.ec8f18.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 17.3.hesaphareketi-01.exe.ec4848.11.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 17.3.hesaphareketi-01.exe.ec4848.10.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 0.2.hesaphareketi-01.exe.26f135c.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 17.3.hesaphareketi-01.exe.ecbd20.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 0.2.hesaphareketi-01.exe.3681670.6.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 0.2.hesaphareketi-01.exe.3681670.6.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.hesaphareketi-01.exe.3681670.6.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 17.3.hesaphareketi-01.exe.ecbd20.7.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 17.3.hesaphareketi-01.exe.ec4848.0.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 17.3.hesaphareketi-01.exe.ecbd20.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 17.3.hesaphareketi-01.exe.eca788.8.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 0.2.hesaphareketi-01.exe.3681670.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 0.2.hesaphareketi-01.exe.3681670.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.hesaphareketi-01.exe.3681670.6.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Author: unknown |
Source: 00000011.00000002.510453136.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000011.00000002.510453136.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: AveMaria_WarZone Author: unknown |
Source: 17.3.hesaphareketi-01.exe.eca788.5.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.eca788.5.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.2.hesaphareketi-01.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.2.hesaphareketi-01.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.2.hesaphareketi-01.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 17.2.hesaphareketi-01.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0.2.hesaphareketi-01.exe.3623fa8.3.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.hesaphareketi-01.exe.3623fa8.3.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.hesaphareketi-01.exe.3623fa8.3.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.hesaphareketi-01.exe.3623fa8.3.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 0.2.hesaphareketi-01.exe.3659650.4.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.hesaphareketi-01.exe.3659650.4.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.hesaphareketi-01.exe.3659650.4.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.hesaphareketi-01.exe.3659650.4.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 17.3.hesaphareketi-01.exe.eca788.5.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.eca788.5.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.hesaphareketi-01.exe.3699ae0.5.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.hesaphareketi-01.exe.3699ae0.5.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.eca788.8.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.eca788.8.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.hesaphareketi-01.exe.3659650.4.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.hesaphareketi-01.exe.3659650.4.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.hesaphareketi-01.exe.3659650.4.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.hesaphareketi-01.exe.3659650.4.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 17.3.hesaphareketi-01.exe.eca788.3.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.eca788.3.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.eca788.3.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.eca788.3.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.2.hesaphareketi-01.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 17.2.hesaphareketi-01.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 17.3.hesaphareketi-01.exe.ec8f18.2.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.ec8f18.2.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.ec4848.11.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.ec4848.11.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.ec4848.10.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.ec4848.10.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.hesaphareketi-01.exe.26f135c.1.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.hesaphareketi-01.exe.26f135c.1.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.ecbd20.6.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.ecbd20.6.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.hesaphareketi-01.exe.3681670.6.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.hesaphareketi-01.exe.3681670.6.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.hesaphareketi-01.exe.3681670.6.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.hesaphareketi-01.exe.3681670.6.unpack, type: UNPACKEDPE | Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 17.3.hesaphareketi-01.exe.ecbd20.7.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.ecbd20.7.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.ec4848.0.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.ec4848.0.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.ecbd20.1.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.ecbd20.1.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.eca788.8.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 17.3.hesaphareketi-01.exe.eca788.8.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.hesaphareketi-01.exe.3681670.6.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 0.2.hesaphareketi-01.exe.3681670.6.raw.unpack, type: UNPACKEDPE | Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f |