APT_MAL_IronWind_Downloader_Nov23_2

Rule Info

Name
APT_MAL_IronWind_Downloader_Nov23_2
Author
X__Junior
Description
Detects IronWind downloader - seen being used by TA402
Score
80
Reference
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Date
2023-11-27
Minimum Yara
1.7
Rule Hash
459ea143d247ea41a688c4b8ed9b0c1b
Tags
['MAL', 'FILE', 'APT']
Required Modules
[]
Virustotal Matches
https://www.virustotal.com/gui/search/apt_mal_ironwind_downloader_nov23_2/comments

Antivirus Verdicts

Rating
Number of Samples
Malicious (>= 10 engines)
11
Suspicious (< 10 engines)
1
Clean (0 engines)
2

Rule Matches

Timestamp
Positives
Total
Hash
VT
2024-03-07 14:03:10
43
69
b66c49ddb3d1da3987f8612d9c45e2a4fbcddfb112661829ee64c9ed3500e812
2024-03-07 13:43:06
43
69
aed53769f1f42709fab9eb7292ebbef52302b7d4b5914d0a096c4ebc4152eeb3
2024-03-06 14:04:03
42
70
12e6f30a4e7d6e58d43177e63756a6d2dc22296436cd337e1c4ec7d7c029d06a
2024-03-06 13:04:34
16
69
58dd469cf501244fac2c8f22b62f35f361543bf3516843083aafaef4bcaacf30
2024-03-03 10:07:35
0
71
7e0d0f77fe1dcb1e7a0a0a2fc0c25a68eee551c7045935449ae64dcbd1310958
2024-02-11 15:25:49
2
70
5fa809c0e5dff03bd202b86cd334e80c7ed5dbad9aed7b12a3799ea0800e5f31
2024-02-08 12:04:19
0
71
c068b9e7130f6fb5763beb9564e92a89644755f223b2f65dc762ed5c77c5b8e3
2024-01-30 18:32:38
32
70
3b4ee3d5c1a7202b053159becac4d0b622641e2e4a7b27f339c03a90f287d381
2023-12-14 12:13:51
50
71
6ab5a0b7080e783bba9b3ec53889e82ca4f2d304e67bd139aa267c22c281a368
2023-12-14 12:12:04
49
71
e2ba2d3d2c1f0b5143d1cd291f6a09abe1c53e570800d8ae43622426c1c4343c
2023-12-14 12:12:03
49
71
ac227dd5c97a36f54e4fa02df4e4c0339b513e4f8049616e2a815a108e34552f
2023-12-12 19:15:34
46
71
26cb6055be1ee503f87d040c84c0a7cacb245b4182445e3eee47ed6e073eca47
2023-12-12 19:10:52
47
71
9b2a16cbe5af12b486d31b68ef397d6bc48b2736e6b388ad8895b588f1831f47
2023-12-12 18:43:01
44
70
5d773e734290b93649a41ccda63772560b4fa25ba715b17df7b9f18883679160

Rule Matches per Month (last 24 months)

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022