APT_MAL_Go_FRP_CharmingKitten_Jan22_1

Rule Info

Description
Detects samples mentioned in VT Graph analysing a Charming Kitten operation
Reference
https://www.virustotal.com/graph/g7d1d1f01696b4f1db8db51e78e4597deaf5affa464f147c0a291b8a5bdb10b8f
Tags
['APT', 'MAL', 'G0059', 'FILE', 'EXE']
Date
2022-01-05
Required Modules
[]
Rule Hash
4e095014d3b099fe7b27dd221fb2625d
Score
85
Av Ratio
23.18
Name
APT_MAL_Go_FRP_CharmingKitten_Jan22_1
Author
Florian Roth
Minimum Yara
1.7
Virustotal Matches
https://www.virustotal.com/gui/search/apt_mal_go_frp_charmingkitten_jan22_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
13
Suspicious (< 10 engines)
12
Clean (0 engines)
0

Rule Matches

Total
Timestamp
Hash
Positives
VT
67
2022-05-20 20:15:36
ed999bc435768082617851aaa3ea4981332c321ee81574d3942f14ca4f39285e
3
67
2022-05-15 19:22:03
400743690cf1addd5c64c514b8befa981fb60881fa56737a09da747f674fb36b
4
67
2022-05-06 21:10:20
52a7233d49b0b228c0a66e9c935df43ab1bad3e729ee1f9031227f97c36e2e15
36
68
2022-04-22 23:53:47
a03e832aa245e3f549542f61e0e351c2cb4886feb77c02bf09bc8781944741f5
4
69
2022-04-13 08:48:11
1141f04e4e953a99cce80f1a457cfe174f08abab93b1f1bd087c188bf970bde0
3
68
2022-03-19 06:12:41
d5b85892479f79ed622e8e0f67b3f0e30f0dd3d92bc0bc401695d3a0b3cd92ad
4
68
2022-03-16 13:24:34
f858f5c8789897c5b6dc4411913819f0a18d1538323d231b728a6a935b4957c8
4
66
2022-03-16 01:20:02
4066c680ff5c4c4c537c03cf962679a3f71700d4138acd6967f40f72045b1b23
6
70
2022-02-23 10:49:05
3c5d586620d1aec4ee37833b2fa340fc04ed9fdf6c80550a801704944a4ebe57
3
68
2022-02-08 20:42:14
8aa3530540ba023fb29550643beb00c9c29f81780056e02c5a0d02a1797b9cd9
40
65
2022-02-07 08:02:42
b04b97e7431925097b3ca4841b8941397b0b88796da512986327ff66426544ca
35
65
2022-02-04 01:17:22
bd6793355bf84cd68d83468a8625092d524586629f8018a086e3b8be63f3d7a3
13
68
2022-02-02 20:15:56
e3eac25c3beb77ffed609c53b447a81ec8a0e20fb94a6442a51d72ca9e6f7cd2
34
68
2022-02-02 04:39:19
51206859133273fcbcad542b35f071c28bb2b165b12c798793ada7dbdbd06abf
3
66
2022-02-01 05:43:33
2d4de73f1cde0421b12146edf1d5c98466238231a8d6dce1df4aa7be1aa7f3c1
2
68
2022-02-01 05:42:19
12ddd079ddafa45cda987ce44a2344f60a02805a57dbf0560697e2b37f05b2ad
13
70
2022-01-31 20:17:28
9d0a040965b6487d207b73a851dfdcff4cd86b252c257aeee4a393e15c8691a9
35
67
2022-01-29 22:12:14
b8237a853914717dc4b93094bb6a260d23736e62d277c27259ceb00bc4a3b4f0
2
68
2022-01-27 21:01:58
724d54971c0bba8ff32aeb6044d3b3fd571b13a4c19cada015ea4bcab30cae26
11
64
2022-01-25 09:51:12
21b1c01322925823c1e2d8f4f2a1d12dafa2ef4b9e37d6e56d0724366d96d714
2
68
2022-01-17 05:33:50
2bc46b0362fa7f8f658ce472958a70385b772ab9361625edc0a730211629a3c4
20
69
2022-01-15 18:09:26
6fde690b06de85a399df02b89b87f0b808fde83c753cda4d11affded4dca46d7
31
69
2022-01-13 11:16:29
bdf347ce89860bdde9e0b4eba3673fbcb0c5a521e4887b620106dc73650358da
33
64
2022-01-12 14:12:14
1604e69d17c0f26182a3e3ff65694a49450aafd56a7e8b21697a932409dfd81e
13
68
2022-01-11 04:29:53
d57e55033810c35a4c3919f0e8940bdbe2815262b4e078d82d6beb1e9c38a05c
38

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2020