APT_RoyalRoad_8_T_Header_Pattern

Rule Info

Rule Hash: 70770063c08d000a0f8c019d92ccc918
Score: 75
Tags: ['APT']
Name: APT_RoyalRoad_8_T_Header_Pattern
Date: 2020-01-21
Required Modules: []
Author: Florian Roth
Description: Detects file with RoyalRoad encrypted payload magic header found in 8.t files
Minimum Yara: 1.7
Av Ratio: 3.68

Antivirus Verdicts

Rating: Number of Samples
Malicious (>= 10 engines): 1
Suspicious (< 10 engines): 31
Clean (0 engines): 16

Rule Matches


Rule Matches per Month (last 24 months)