Source: 3.3.DHL_29028263 documento de recibo de la compra,pdf.exe.12d02b0.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.3218090.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 3.3.DHL_29028263 documento de recibo de la compra,pdf.exe.12d02b0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 3.3.DHL_29028263 documento de recibo de la compra,pdf.exe.12d1848.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.unpack, type: UNPACKEDPE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.7.unpack, type: UNPACKEDPE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.7.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.7.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.7.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.7.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.3.DHL_29028263 documento de recibo de la compra,pdf.exe.12d1848.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.unpack, type: UNPACKEDPE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.41435e0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.41435e0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.41435e0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.41435e0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.41435e0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.unpack, type: UNPACKEDPE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.unpack, type: UNPACKEDPE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.unpack, type: UNPACKEDPE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.unpack, type: UNPACKEDPE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.unpack, type: UNPACKEDPE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Codoso APT Gh0st Malware Author: Florian Roth |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 00000003.00000000.416591236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000003.00000000.416591236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 00000003.00000000.416591236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 00000003.00000000.416591236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 00000003.00000000.417147497.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000003.00000000.417147497.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 00000003.00000000.417147497.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 00000003.00000000.417147497.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 00000003.00000000.418265932.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000003.00000000.418265932.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 00000003.00000000.418265932.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 00000003.00000000.418265932.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 00000003.00000002.622706566.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000003.00000002.622706566.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 00000003.00000002.622706566.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 00000003.00000002.622706566.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 00000003.00000000.415418870.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000003.00000000.415418870.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 00000003.00000000.415418870.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 00000003.00000000.415418870.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 00000003.00000000.415889492.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000003.00000000.415889492.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 00000003.00000000.415889492.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 00000003.00000000.415889492.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 00000003.00000000.417779464.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 00000003.00000000.417779464.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 00000003.00000000.417779464.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects AveMaria/WarzoneRAT Author: ditekSHen |
Source: 00000003.00000000.417779464.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: AveMaria_WarZone Author: unknown |
Source: 3.3.DHL_29028263 documento de recibo de la compra,pdf.exe.12d02b0.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.3.DHL_29028263 documento de recibo de la compra,pdf.exe.12d02b0.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.3218090.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.3218090.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.3.DHL_29028263 documento de recibo de la compra,pdf.exe.12d02b0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.3.DHL_29028263 documento de recibo de la compra,pdf.exe.12d02b0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.3.DHL_29028263 documento de recibo de la compra,pdf.exe.12d1848.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.3.DHL_29028263 documento de recibo de la compra,pdf.exe.12d1848.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.2.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.7.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.7.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.7.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.7.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.7.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.7.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.3.DHL_29028263 documento de recibo de la compra,pdf.exe.12d1848.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.3.DHL_29028263 documento de recibo de la compra,pdf.exe.12d1848.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.41435e0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.41435e0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.41435e0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.41435e0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.41435e0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.41435e0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.19.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.22.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.16.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.13.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.9.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 3.0.DHL_29028263 documento de recibo de la compra,pdf.exe.400000.11.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_2 date = 2016-01-30, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 1.2.DHL_29028263 documento de recibo de la compra,pdf.exe.412b170.3.raw.unpack, type: UNPACKEDPE |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000003.00000000.417195755.000000000054F000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000003.00000000.416591236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000003.00000000.416591236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 00000003.00000000.416591236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 00000003.00000000.416591236.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000003.00000000.416662895.000000000054F000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000003.00000000.417147497.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000003.00000000.417147497.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 00000003.00000000.417147497.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 00000003.00000000.417147497.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000003.00000003.431594632.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000001.00000002.447136668.0000000003200000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000003.00000002.622879575.000000000054F000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000003.00000003.426948480.00000000012CF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000003.00000000.418334237.000000000054F000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000003.00000000.418265932.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000003.00000000.418265932.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 00000003.00000000.418265932.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 00000003.00000000.418265932.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000003.00000002.622706566.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000003.00000002.622706566.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 00000003.00000002.622706566.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 00000003.00000002.622706566.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000003.00000000.417884328.000000000054F000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |
Source: 00000003.00000000.415418870.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000003.00000000.415418870.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 00000003.00000000.415418870.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 00000003.00000000.415418870.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000003.00000000.415889492.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000003.00000000.415889492.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 00000003.00000000.415889492.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 00000003.00000000.415889492.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000003.00000000.417779464.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000003.00000000.417779464.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 00000003.00000000.417779464.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_WarzoneRAT author = ditekSHen, description = Detects AveMaria/WarzoneRAT |
Source: 00000003.00000000.417779464.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: AveMaria_WarZone Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda |
Source: 00000001.00000002.447222285.0000000004129000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Codoso_Gh0st_1 date = 2016-01-30, hash3 = d7004910a87c90ade7e5ff6169f2b866ece667d2feebed6f0ec856fb838d2297, hash2 = 7dc7cec2c3f7e56499175691f64060ebd955813002d4db780e68a8f6e7d0a8f8, author = Florian Roth, description = Detects Codoso APT Gh0st Malware, reference = https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, super_rule = 5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841 |