APT_APT29_NOBELIUM_JS_EnvyScout_May21_1

Rule Info

Tags: G0016, DEMO, APT, T1027, RUSSIA
Name: APT_APT29_NOBELIUM_JS_EnvyScout_May21_1
Minimum Yara: 1.7
Rule Hash: c0881213e3ad46009f09cd1d7db39361
Av Ratio: 17.96
Score: 75
Author: Florian Roth
Date: 2021-05-29
Description: Detects EnvyScout deobfuscator code as used by NOBELIUM group
Required Modules: none

Antivirus Verdicts

Rating                       Number of Samples
Malicious (>= 10 engines)    5
Suspicious (< 10 engines)    8
Clean (0 engines)            0

Rule Matches


Rule Matches per Month (last 24 months)