Common Information
Type Value
Value
rule apt_TURLA_ExternalPNGDocument_strings {
	meta:
		id = "51413d41-d0f4-4e1a-9f12-322921e48977"
		version = "1.0"
		intrusion_set = "TURLA"
		description = "Detects external logo embedded in DOCX documents"
		source = "SEKOIA"
		creation_date = "2022-05-05"
		modification_date = "2022-05-05"
		classification = "TLP:GREEN"
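	strings:
		// OOXML relationship type suffix for an image part
		$s1 = "/relationships/image"
		// numeric path segment (3-10 digits) followed by logo.png
		$s2 = /[0-9]{3,10}\/logo\.png/
		// relationship target marked external, immediately followed by the next tag
		$s3 = "TargetMode=\"External\"/><"
	condition:
		// all three strings must occur within the last 400 bytes of the scanned file
		$s1 in (filesize - 400 .. filesize) and $s2 in (filesize - 400 .. filesize) and $s3 in (filesize - 400 .. filesize)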
}
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Website 2022-05-23 20 TURLA’s new phishing-based reconnaissance campaign in Eastern Europe