Mirrors/cert-orangecyberdefense-cti
1
0
Fork 0
mirror of https://github.com/cert-orangecyberdefense/cti synced 2026-06-08 14:45:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create yara emmenhtalv2

Browse Source
This commit is contained in:
Mar-Pic
2025-02-18 15:58:00 +01:00
committed by GitHub
parent 55f4a45dec
commit f8653616ec
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
emmenhtal/yara emmenhtalv2
+19
View File
@@ -0,0 +1,19 @@
rule Windows_Trojan_Emmenhtalv2 : malware {
meta:
description = "Emmenhtal new version, data stage"
researcher = "Alexandre MATOUSEK"
source = "OCD"
creation_date = "18/12/2024"
os = "Windows"
category = "Trojan"
threat_name = "Windows.Trojan.Emmenhtal"
strings:
$ = "<script>window.moveTo(9999,0)</script>"
$ = "<script>window.onerror = function(){return true}</script>"
$ = " = document.documentElement.outerHTML;</script>"
$ = "<script>window.close()</script>"
$ = "<script>eval("
$ = ".replace(/(..)./g, function(match, p1) {return String.fromCharCode(parseInt(p1, 16))}))</script>"
condition:
all of them
}