Rule Info
| Field | Value |
| --- | --- |
| Name | MAL_APT_Q_27_Renamed_Regsvr32_Specific_Execution_May23 |
| Author | X__Junior |
| Description | Detects specific command line flags and commandline order of a renamed regsvr32.exe - used by APT-Q-27 to load extra code |
| Score | 80 |
| Date | 2023-05-04 |
| Minimum Yara | 1.7 |
| Rule Hash | 69a5697824f3d9c8fb8ce4869ec2b355 |
| Tags | ['ANOMALY', 'APT', 'T1218_010', 'MAL', 'SCRIPT'] |
| Required Modules | [] |
Antivirus Verdicts
| Rating | Number of Samples |
| --- | --- |
| Malicious (>= 10 engines) | 2 |
| Suspicious (< 10 engines) | 5 |
| Clean (0 engines) | 16 |
Rule Matches
Timestamp
Positives
Total
Hash
VT