Selective YARA Scanning: What’s Your Type?
Tags
| attack-pattern: | Data Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Software - T1592.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 15182452-76fb-480b-ae04-938a97c1c45d |
| Fingerprint | a6102a1c3f39af95 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | March 30, 2022, noon |
| Added to db | Nov. 6, 2023, 7:35 p.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | UNKNOWN |
| Title | Selective YARA Scanning: What’s Your Type? |
| Detected Hints/Tags/Attributes | 57/1/28 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 346 | ✔ | Optiv Blog | https://www.optiv.com/resources/blog/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 7 | yara.readthedocs.io |
|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 255 | www.optiv.com |
|
| Details | File | 12 | pe.dll |
|
| Details | File | 2 | pe.html |
|
| Details | File | 3 | writingrules.html |
|
| Details | File | 1 | cgitelnet.php |
|
| Details | File | 12 | hash.md5 |
|
| Details | File | 1 | regex_hash_scanner.py |
|
| Details | File | 1 | all_rules.csv |
|
| Details | File | 1 | yara_util.py |
|
| Details | File | 1 | e:\test\rules-master -s -v the sort_rules.py |
|
| Details | File | 1 | sort_rules.py |
|
| Details | File | 1 | e:\\yara_rules_util\\all_rules.csv |
|
| Details | File | 1 | e:\\yara_sort_rules\\log.txt |
|
| Details | File | 1 | e:\\yara_rules_util\\rule_remapping.csv |
|
| Details | File | 1 | e:\\yara_hash_values\\yara_hash_lookups.csv |
|
| Details | File | 263 | www.opt |
|
| Details | Github username | 1 | randomrhythm |
|
| Details | Github username | 1 | adamwhitehat |
|
| Details | md5 | 1 | feba6c919e3797e7778e8f2e85fa033d |
|
| Details | Url | 1 | https://yara.readthedocs.io/en/v3.4.0/modules/pe.html |
|
| Details | Url | 1 | https://yara.readthedocs.io/en/stable/writingrules.html#referencing |
|
| Details | Url | 1 | https://github.com/randomrhythm/regex_hash_scanner.py |
|
| Details | Url | 1 | https://github.com/randomrhythm/yara_rules_project_sorted_ruleset |
|
| Details | Url | 1 | https://github.com/adamwhitehat/judge-jury-and-executable |
|
| Details | Url | 1 | https://github.com/randomrhythm/yara_rules_util |
|
| Details | Url | 1 | https://github.com/randomrhythm/vendor-threat-triage-lookup |