APT_OBFUC_Payload_RoyalRoad_Jul20_1

Rule Info

Rule Hash:        e9dc331e2c276c3da926887e2bd5f5e0
Score:            75
Tags:             T1027, OBFUS, APT
Name:             APT_OBFUC_Payload_RoyalRoad_Jul20_1
Date:             2020-02-17
Required Modules: none
Author:           Florian Roth
Description:      Detects obfuscated payload files as used by RoyalRoad APT
Minimum Yara:     1.7
AV Ratio:         17.99

Antivirus Verdicts

Rating                     Number of Samples
Malicious (>= 10 engines)                 11
Suspicious (< 10 engines)                  1
Clean (0 engines)                         18

Rule Matches

Hash                                                              Total  Timestamp            Positives
684b1e29bcee38a7dd8efed2d05348c8a93444514970719f66b27c7f0a7c8c29     58  2020-07-31 11:42:59          2
ee53de9ba6412daf54900a6320a99b5583c498f8d74839b81a8b44c24a80e25b     58  2020-07-25 16:49:58          0
2adc75cd2ebf1f263263ec0ef3e9eb18e1f68ed70f8889a2602d425bdcf71809     58  2020-07-23 16:23:31          0
007ad04d466714da661e6af8ddc0b4dd6b1be3de98336007d35970f9eb3945d2     58  2020-07-23 16:17:19          0
0473e364c40c63ffd4af2be36290df67e4a64d46a10bfc9dfcca6fb64425c31d     59  2020-07-23 16:16:56          0
ad2d018625b56e5e1f50178e1bb56e044c43a3b99cce65bb50d5e4d0b15c8b8d     59  2020-07-23 16:15:31          0
75721aaae7f65dae2f51c7031aa8e42fc4bba82924a25152549fccb4e31a3287     58  2020-07-23 16:12:24          0
27b38ae58c7026bf2cbb60f26a32a588bf71593f536c97c0548200c082207101     58  2020-07-23 16:11:43          0
b37d5bc8a843e194d8d394859aec551373d26633a5da76e65bf3f8899d398bca     59  2020-07-23 16:11:11          0
4cdfd2d959ccc5c545bbc1271a8713f87663a563ddc2fdadb1da595d8df6816f     60  2020-07-23 16:10:36          0
2bcd023c9be12d77cadaf05c01838bd56c85df741b7946b59afa3407b0654348     58  2020-07-23 16:10:24          0
b830bd909b37450e85ac721cdde8436b570e5a6cbde1fac4931147764ed701ec     57  2020-07-23 16:09:52          0
e3bbe6d959c3fed31a1f6e3ae108dc27e5ceb965581c8197d06848fc6ed7b458     57  2020-07-23 16:09:06          0
c52533fd87325801ed050e565903a3828b7be69bbd4761f303c1693d3736116c     59  2020-07-23 16:08:47          0
035ef18498850a9542f7e02c49e46b2b9daef76aff297014da07b671c86b748a     58  2020-07-23 16:07:47          0
9f3330168e903b045afa27acbb78833d8103b758dc958db026c2cd6dd07df3f9     59  2020-07-23 16:07:45          0
4c00de59b151bb89a503c912fa3f5896ff5e40f0dbec13e81d908a562f91eb2f     60  2020-07-23 16:03:54          0
dbb15014a3410d199294592de0b5ef9f2c8fb31ba83014ecd6b1bd2793b77a58     59  2020-07-21 23:27:47         20
22cb164b71695970b591d1240c85fec124f601d4ed4693a0cec325df3e97579b     57  2020-07-21 14:03:35         19
d493b77d24fb54a188a40509d7506eae4b211be6d4d3f02fb357531f5277624d     59  2020-07-16 11:55:12         28
8986382167d05cab4e6e1629a523b71aac4d831ba6e0b54d3ecf8352c221e9aa     60  2020-07-14 10:15:21          0
a3ff2b1aec44eb10fc17a020583eebfbd0eeef441be4ffdc54d36c5f5a82b4c0     59  2020-07-13 12:33:43          0
dfe2c12fa9cc312d9fbc8dae5538412d7d286dcd342852672c59b08d9d754f53     60  2020-07-11 16:12:28         33
649b77833fc31da29835c5e6514deccdb52a5f89b26fa8fb8c85ccac765f9ffd     60  2020-07-11 16:10:25         32
2dab1cbe7ac105f95cb3b45fd91494df6f1be40130422bc7f442402bfe8ac767     60  2020-07-11 16:08:32         33
5a9486d5e3b3281f80f6a1a455db2a30b03301fda16dc3dfd50f37adc9168e50     60  2020-07-11 16:08:08         32
4a26acb65cc53be725106456a3fc498a30825eea0d007ac7e66e8e75a9a38f6a     59  2020-07-11 16:08:08         30
a30d769a2595f6f06cc5000a84de3c5093169c961c8632b373c3064fc3da3429     60  2020-07-11 16:07:50         29
0b65a357094c4687adb031daab23a196d817d4ed9c6118ea5bb19f1e2e0e3d8f     59  2020-07-11 16:05:59         29
36a9ebebbad368899bf42ca75a2a21bdf3b64fd7acad3054b4ece5de3d205d65     60  2020-07-11 16:05:53         34

Rule Matches per Month (last 24 months)