nuclei-templates/file/malware/glasses-malware.yaml

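# Nuclei "file" protocol template: scans local files (every extension) for
# artifacts of the "Glasses" malware described in the references below.
id: glasses-malware

info:
  name: Glasses Malware - Detect
  author: daffainfo
  # Informational only: a hit is a detection signal for triage, not a
  # vulnerability finding.
  severity: info
  reference:
    - https://citizenlab.ca/2013/02/apt1s-glasses-watching-a-human-rights-organization/
    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Glasses.yar
  tags: malware,file

file:
  - extensions:
      # No extension filter: every file handed to the scanner is inspected.
      - all

    # Both matchers below must fire for a file to be reported.
    matchers-condition: and
    matchers:
      # Plain-text artifacts, matched against the raw file contents.
      # All three strings must be present (condition: and); the `%s.%s`
      # placeholders suggest these are the binary's own format strings
      # rather than a rendered User-Agent, which keeps false positives low.
      - type: word
        part: raw
        words:
          - 'thequickbrownfxjmpsvalzydg'
          - 'Mozilla/4.0 (compatible; Windows NT 5.1; MSIE 7.0; Trident/4.0; %s.%s)'
          - '" target="NewRef"></a>'
        condition: and

      # Hex-encoded byte sequences; either one is sufficient (condition: or).
      # Presumably taken from the referenced YARA rule (MALW_Glasses.yar) —
      # verify against it before altering these values.
      - type: binary
        binary:
          - "B8ABAAAAAAF7E1D1EA8D04522BC8"
          - "B856555555F7E98B4C241C8BC2C1E81F03D0493BCA"
        condition: or
# Template signature checked by nuclei; any edit to the lines above
# invalidates it, so the template must be re-signed after changes.
# digest: 490a0046304402206c19fd7664b98e1beacc91b5cefd899284e3b9db9a5496b2d1b8c11ad06ee77e02204d59c759c20e30834d429d754f136bc7b70d841a6c2e128611028841235f1a8f:922c64590222798bb761d5b6d8e72950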