rule apt_nobelium_html_smuggling_iso {
	meta:
		id = "9bd5b626-8ea3-4607-a858-58deff18396c"
		version = "1.0"
		description = "Detect HTML smuggling with ISO"
		hash = "b87073c34a910f20a83c04c8efbd4f43"
		hash = "3d18bc4bfe1ec7b6b73a3fb39d490b64"
		source = "SEKOIA"
		creation_date = "2022-01-02"
		modification_date = "2022-01-02"
		classification = "TLP:WHITE"
	strings:
		// JavaScript Blob constructor used to assemble the embedded file in the browser
		$ = "new Blob"
		// Programmatic click on the generated download link to trigger the save
		$ = ".click();"
		// Hex form of: ( <1-20 bytes> ,"<1-20 bytes>.iso","application/x-cd-image")
		// i.e. a call that names an .iso file together with the ISO MIME type
		$ = { 28 [1-20] 2C 22 [1-20] 2E 69 73 6F 22 2C 22 61 70 70 6C 69 63 61 74 69 6F 6E 2F 78 2D 63 64 2D 69 6D 61 67 65 22 29 }
	condition:
		// Only HTML files between 1 MB and 2 MB that contain all three strings
		filesize > 1MB and filesize < 2MB and all of them
}
Category: Yara Rule
Related CTI: NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies (Website, published 2022-01-06, 76 attributes)