32 or 64 bits Malware? - SANS Internet Storm Center
Common Information
Type Value
UUID abb6f9ff-4928-4eed-ab04-26469752c25b
Fingerprint 2a3009008fae24d7
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 22, 2022, midnight
Added to db Oct. 24, 2023, 1:40 p.m.
Last updated Dec. 21, 2024, 3:23 a.m.
Headline Internet Storm Center
Title 32 or 64 bits Malware? - SANS Internet Storm Center
Detected Hints/Tags/Attributes 11/1/11
Attributes
Details Type #Events CTI Value
Details Domain 103
abuse.ch
Details Domain 1
zipobj.open
Details Domain 1
fdata.read
Details Domain 98
bazaar.abuse.ch
Details File 39
datetime.dat
Details File 1
zipobj.inf
Details sha256 1
86150c570e2d253d54fd5f70c9fe62ff37897dc3a7b21658fa891263a843790d
Details Url 5
https://bazaar.abuse.ch
Details Url 1
https://bazaar.abuse.ch/export/json/yara-stats
Details Yara rule 1
rule pe32bits {
	meta:
		description = "Match a 32-bits PE"
	strings:
		// "PE\0\0" signature followed by 0x4C, the low byte of IMAGE_FILE_MACHINE_I386 (0x014C)
		$a = { 50 45 00 00 4C }
	condition:
		$a in (0 .. 500)
}
Details Yara rule 1
rule pe64bits {
	meta:
		description = "Match a 64-bits PE"
	strings:
		// "PE\0\0" signature followed by 0x64, the low byte of IMAGE_FILE_MACHINE_AMD64 (0x8664)
		$a = { 50 45 00 00 64 }
	condition:
		$a in (0 .. 500)
}