APT_ME_CharmingKitten_Telegram_Grabber_Jul22_1

Rule Info

Name: APT_ME_CharmingKitten_Telegram_Grabber_Jul22_1
Description: Detects Telegram grabber tool used by Charming Kitten TA
Date: 2022-07-25
Score: 85
Tags: ['APT', 'EXE', 'FILE', 'G0059', 'MIDDLE_EAST']
Minimum Yara: 1.7
Author: Florian Roth
Av Ratio: 1.63
Rule Hash: ffed0d7ebfc7968d7a3dbd87f863768e
Required Modules: []

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 0
Suspicious (< 10 engines): 14
Clean (0 engines): 1

Rule Matches


Rule Matches per Month (last 24 months)