/*
 * Windows.Trojan.SiestaGraph - detection rule authored by Elastic Security
 * (Elastic License v2, see meta below).
 *
 * The rule keys on literal identifier-style strings present in the binary.
 * Two string groups are used: every $a string must be present, plus any two
 * of the four $b strings, so no single shared name can trigger a hit alone.
 * The names resemble cloud-drive / mailbox operations (drive root listing,
 * email draft creation) - presumably the implant's own method or command
 * names; confirm against the referenced Elastic write-up before tuning.
 */
rule Windows_Trojan_SiestaGraph {
	meta:
		author = "Elastic Security"
		creation_date = "2022-12-14"
		last_modified = "2022-12-15"
		os = "windows"
		arch_context = "x86"
		category_type = "Trojan"
		family = "SiestaGraph"
		threat_name = "Windows.Trojan.SiestaGraph"
		license = "Elastic License v2"
	strings:
		// Modifier semantics (YARA): `ascii` matches the single-byte form,
		// `wide` the two-byte (UTF-16LE) form; `fullword` requires the match to
		// be bounded by non-alphanumeric characters on both sides; `nocase`
		// makes the comparison case-insensitive (only $a1 and $a2 use it,
		// which widens those two matches relative to the rest).
		// Group $a: all five required by the condition.
		$a1 = "downloadAsync" ascii nocase fullword
		$a2 = "UploadxAsync" ascii nocase fullword
		$a3 = "GetAllDriveRootChildren" ascii fullword
		$a4 = "GetDriveRoot" ascii fullword
		$a5 = "sendsession" wide fullword
		// Group $b: any two of these four satisfy the condition.
		$b1 = "ListDrives" wide fullword
		$b2 = "Del OK" wide fullword
		$b3 = "createEmailDraft" ascii fullword
		$b4 = "delMail" ascii fullword
	condition:
		// Strict core set plus a partial secondary set; dropping either half
		// would noticeably change the false-positive profile.
		all of ($a*) and 2 of ($b*)
}
Type Yara Rule
Details Website 2023-02-07 38 Update to the REF2924 intrusion set and related campaigns — Elastic Security Labs