Merge pull request #52 from wesinator/patch-1

Update apt_donotteam_ytyframework.yar
Florian Roth 2020-11-24 10:01:01 +01:00 committed by GitHub
commit 90c7617cdf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -5,8 +5,8 @@ rule APT_DonotTeam_YTYframework : APT DonotTeam Windows {
author = "James E.C, ProofPoint"
description = "Modular malware framework with similarities to EHDevel"
hashes = "1e0c1b97925e1ed90562d2c68971e038d8506b354dd6c1d2bcc252d2a48bc31c"
reference = "arbornetworks.com/blog/asert/don"
reference2 = "labs.bitdefender.com/2017/09/ehdeve"
reference = "https://www.arbornetworks.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia/"
reference2 = "https://labs.bitdefender.com/2017/09/ehdevel-the-story-of-a-continuously-improving-advanced-threat-creation-toolkit/"
date = "08-03-2018"
strings:
$x1 = "/football/download2/" ascii wide
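Review bot: The `date = "08-03-2018"` meta in this hunk is ambiguous between day-first (8 March 2018) and month-first (3 August 2018), and the references being corrected here are the natural place to settle it. Since the new `reference` line now points at the full Arbor post, the author can confirm the publication date from it and write the meta in unambiguous ISO form, e.g. `date = "2018-03-08"` if it is indeed 8 March. Unlike the URL fix, this does not change detection behaviour, but a consumer sorting or filtering rules by date gets the wrong answer on one of the two readings. The rule header starts above this hunk and the `strings:` section continues below it.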