Common Information
Type Value
Value
// Mandiant-authored signature; per its own description it targets a packer or a
// certificate artifact. The rule name is identical to the $cert literal below.
// Match logic: an MZ-headed file smaller than 2MB that contains either the
// $cert string or at least two of the four $s* strings.
rule FDFWJTORFQVNXQHFAH {
	meta:
		author = "Mandiant"
		description = "Detecting packer or cert."
		// Metadata only: YARA does not evaluate meta fields, so this hash does not
		// restrict what the rule matches. Presumably the reference sample the rule
		// was written against - confirm with the source report.
		md5 = "939ab3c9a4f8eab524053e5c98d39ec9"
	strings:
		// None of the text strings carry modifiers, so each is matched as
		// case-sensitive ASCII; UTF-16 ("wide") occurrences will not hit.
		// NOTE(review): presumably a name taken from a signing certificate, given
		// the identifier and the description - confirm.
		$cert = "FDFWJTORFQVNXQHFAH"
		$s1 = "VLstuTmAlanc"
		// NOTE(review): the printable bytes ("Th.s p", "be", "run") resemble a
		// mangled DOS-stub message, which would fit the "packer" part of the
		// description - confirm. No wildcards or jumps: this is an exact sequence.
		$s2 = { 54 68 F5 73 20 70 00 00 00 00 00 00 00 BE 66 67 72 BD 68 20 63 BD 69 6E 6F C0 1F 62 65 EC 72 75 6E FC 6D 6E 20 50 46 53 20 B9 66 64 65 }
		$s3 = "ViGuua!Gre"
		$s4 = "6seaIdFiYdA"
	condition:
		// uint16(0) reads a little-endian 16-bit value at offset 0; 0x5A4D is the
		// byte pair 4D 5A ("MZ"), i.e. the file must start with a DOS/PE header.
		// filesize < 2MB keeps the rule off larger files.
		// $cert alone is sufficient to fire; otherwise any two of $s1..$s4 are
		// required. A hit on the single $cert string rests on less evidence than
		// the two-string path, so check which strings matched when triaging.
		(uint16(0) == 0x5A4D) and filesize < 2MB and ($cert or 2 of ($s*))
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Website 2022-02-23 314 (Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware | Mandiant