APT_MAL_Go_FRP_CharmingKitten_Jan22_1

Rule Info

Description
Detects samples mentioned in VT Graph analysing a Charming Kitten operation
Reference
https://www.virustotal.com/graph/g7d1d1f01696b4f1db8db51e78e4597deaf5affa464f147c0a291b8a5bdb10b8f
Score
85
Date
2022-01-05
Minimum Yara
1.7
Name
APT_MAL_Go_FRP_CharmingKitten_Jan22_1
Required Modules
[]
Author
Florian Roth
Rule Hash
4e095014d3b099fe7b27dd221fb2625d
Tags
['FILE', 'G0059', 'MAL', 'EXE', 'APT', 'MIDDLE_EAST']
Virustotal Matches
https://www.virustotal.com/gui/search/apt_mal_go_frp_charmingkitten_jan22_1/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
20
Suspicious (< 10 engines)
14
Clean (0 engines)
0

Rule Matches

Hash
Timestamp
Positives
Total
VT
c5600c4efac817d9c300301607cf0f1ff9cee1a92dc5f3a4a73ed950ff1e4517
2022-11-22 19:06:54
12
71
0d50ebdf30731eca7c0b13198aea267db38dee4f103e0a4562cdbb50ddc1c36d
2022-11-03 16:50:18
37
72
137a0cc0b96c892a67c634aef128b7a97e5ce443d572d3631e8fa43d772144c4
2022-09-21 08:38:50
41
70
d9a75fe86b231190234df9aba52efcffd40fead59bb4b06276a850f4760913bf
2022-09-21 08:36:29
40
71
061a78f6f211e5c903bca514de9a6d9eb69560e5e750030ce74afec75c1fc95b
2022-09-21 08:36:23
41
71
69314c1969f28bfab34683769286326e25d9a0f07c4bad3443d08efe4f43e0a8
2022-06-16 06:39:06
6
67
46bb5a3fdb054d29412889303c1e76d64bacb8976acbb350555c08f3519c7273
2022-06-07 11:32:09
4
67
e4901d9a00d550ff2c6e24496e20e769f2ce253a191d6c5492312f1b5053cd64
2022-06-03 13:14:59
16
68
259cd4843b868de964821752b9ce9dcb660cf1ceaaa057df8670019c9d0346f9
2022-06-02 21:21:43
14
69
ed999bc435768082617851aaa3ea4981332c321ee81574d3942f14ca4f39285e
2022-05-20 20:15:36
3
67
400743690cf1addd5c64c514b8befa981fb60881fa56737a09da747f674fb36b
2022-05-15 19:22:03
4
67
52a7233d49b0b228c0a66e9c935df43ab1bad3e729ee1f9031227f97c36e2e15
2022-05-06 21:10:20
36
67
a03e832aa245e3f549542f61e0e351c2cb4886feb77c02bf09bc8781944741f5
2022-04-22 23:53:47
4
68
1141f04e4e953a99cce80f1a457cfe174f08abab93b1f1bd087c188bf970bde0
2022-04-13 08:48:11
3
69
d5b85892479f79ed622e8e0f67b3f0e30f0dd3d92bc0bc401695d3a0b3cd92ad
2022-03-19 06:12:41
4
68
f858f5c8789897c5b6dc4411913819f0a18d1538323d231b728a6a935b4957c8
2022-03-16 13:24:34
4
68
4066c680ff5c4c4c537c03cf962679a3f71700d4138acd6967f40f72045b1b23
2022-03-16 01:20:02
6
66
3c5d586620d1aec4ee37833b2fa340fc04ed9fdf6c80550a801704944a4ebe57
2022-02-23 10:49:05
3
70
8aa3530540ba023fb29550643beb00c9c29f81780056e02c5a0d02a1797b9cd9
2022-02-08 20:42:14
40
68
b04b97e7431925097b3ca4841b8941397b0b88796da512986327ff66426544ca
2022-02-07 08:02:42
35
65
bd6793355bf84cd68d83468a8625092d524586629f8018a086e3b8be63f3d7a3
2022-02-04 01:17:22
13
65
e3eac25c3beb77ffed609c53b447a81ec8a0e20fb94a6442a51d72ca9e6f7cd2
2022-02-02 20:15:56
34
68
51206859133273fcbcad542b35f071c28bb2b165b12c798793ada7dbdbd06abf
2022-02-02 04:39:19
3
68
2d4de73f1cde0421b12146edf1d5c98466238231a8d6dce1df4aa7be1aa7f3c1
2022-02-01 05:43:33
2
66
12ddd079ddafa45cda987ce44a2344f60a02805a57dbf0560697e2b37f05b2ad
2022-02-01 05:42:19
13
68
9d0a040965b6487d207b73a851dfdcff4cd86b252c257aeee4a393e15c8691a9
2022-01-31 20:17:28
35
70
b8237a853914717dc4b93094bb6a260d23736e62d277c27259ceb00bc4a3b4f0
2022-01-29 22:12:14
2
67
724d54971c0bba8ff32aeb6044d3b3fd571b13a4c19cada015ea4bcab30cae26
2022-01-27 21:01:58
11
68
21b1c01322925823c1e2d8f4f2a1d12dafa2ef4b9e37d6e56d0724366d96d714
2022-01-25 09:51:12
2
64
2bc46b0362fa7f8f658ce472958a70385b772ab9361625edc0a730211629a3c4
2022-01-17 05:33:50
20
68
6fde690b06de85a399df02b89b87f0b808fde83c753cda4d11affded4dca46d7
2022-01-15 18:09:26
31
69
bdf347ce89860bdde9e0b4eba3673fbcb0c5a521e4887b620106dc73650358da
2022-01-13 11:16:29
33
69
1604e69d17c0f26182a3e3ff65694a49450aafd56a7e8b21697a932409dfd81e
2022-01-12 14:12:14
13
64
d57e55033810c35a4c3919f0e8940bdbe2815262b4e078d82d6beb1e9c38a05c
2022-01-11 04:29:53
38
68

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022