Common Information
Type Value
Value
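/*
 * Flags ELF files that contain base64 text fragments of the X.509
 * certificates described by the rule's metadata as used by WellMail.
 *
 * Fix relative to the published listing: the description string was wrapped
 * across two lines. YARA text strings cannot contain a raw line break, so
 * the rule did not compile as printed. The string is now on one line with
 * its wording unchanged.
 *
 * Triage notes:
 *   - All strings are plain ASCII text matches with no modifiers. A
 *     certificate stored as binary DER or as UTF-16 text will not match.
 *   - Base64 encodes input in 3-byte groups, so the same DER bytes produce
 *     different text depending on their offset modulo 3. Each family below
 *     lists the three possible alignments of one byte sequence.
 */
rule wellmail_certificate_base64_snippets {
	meta:
		description = "Rule for detection of WellMail based on base64 snippets of certificates used"
		author = "NCSC"
		hash = "0c5ad1e8fe43583e279201cdb1046aea742bae59685e6da24e963a41df987494"
	strings:
		// $a*: base64 of DER bytes 06 03 55 1D 0E 04 07 04 05 01 02 03 04 06,
		// i.e. the subjectKeyIdentifier extension (OID 2.5.29.14) carrying
		// the 5-byte key identifier 01 02 03 04 06.
		$a1 = "BgNVHQ4EBwQFAQIDBA"
		$a2 = "YDVR0OBAcEBQECAwQG"
		$a3 = "GA1UdDgQHBAUBAgMEB"
		// $b*: base64 of DER bytes 06 03 55 04 0A 13 13 followed by the
		// text "GMO GlobalSign, Inc", i.e. an organizationName attribute
		// (OID 2.5.4.10). On its own this would match any base64 certificate
		// naming that organisation, so the condition also requires an $a* hit.
		$b1 = "BgNVBAoTE0dNTyBHbG9iYWxTaWduLCBJbm"
		$b2 = "YDVQQKExNHTU8gR2xvYmFsU2lnbiwgSW5j"
		$b3 = "GA1UEChMTR01PIEdsb2JhbFNpZ24sIEluY"
	condition:
		// uint32(0) reads the first four bytes as a little-endian integer.
		// 0x464C457F is 7F 45 4C 46 ("\x7fELF"), so only ELF files are
		// considered. Both certificate fields must appear somewhere in the file.
		uint32(0) == 0x464C457F and any of ($a*) and any of ($b*)
}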
Category
Type Yara Rule
Misp Type
Description
Details Published Attributes CTI Title
Details Pdf 2020-07-16 138 Advisory: APT29 targets COVID-19 vaccine development
Details Pdf 2020-07-16 139 Advisory: APT29 targets COVID-19 vaccine development
Details Pdf 2020-07-09 139 Advisory: APT29 targets COVID-19 vaccine development