#Yara Rule for #TA505 Latest Campaign TA505 • Jun 15, 2020 rule ta505_downloader { meta: author = "Krishnendu Paul" description = "TA505 June 2020" strings: $meta_hex = "document.getElementById" $meta_app = "template.innerHTML" $meta_filetype = "iframeTemplate" $meta_b = "element.innerHTML" condition: all of ($meta_*) and filesize < 250000 } Tags TA505 windows Malware yara Krishnendu Paul Recommended for you XLS Allowing #XLSM and #XLSB files ? Stop it to save your Infra 8 months ago • 1 min read Malware Easy #YARA Strings #Hunting for #Malware - The Lazy Man's Way 9 months ago • 2 min read Malware [Custom #YARA ] #XLS #macro based #malware downloader using URLDownloadToFileA 9 months ago • 7 min read
Malware [Custom #YARA ] #XLS #macro based #malware downloader using URLDownloadToFileA 9 months ago • 7 min read
