#Yara Rule for #TA505 Latest Campaign TA505 • Jun 15, 2020 rule ta505_downloader { meta: author = "Krishnendu Paul" description = "TA505 June 2020" strings: $meta_hex = "document.getElementById" $meta_app = "template.innerHTML" $meta_filetype = "iframeTemplate" $meta_b = "element.innerHTML" condition: all of ($meta_*) and filesize < 250000 } Tags TA505 windows Malware yara Subscribe to our newsletter Get the latest posts delivered right to your inbox. Your email address Subscribe Now check your inbox and click the link to confirm your subscription. Please enter a valid email address Oops! There was an error sending the email, please try later. --}} Krishnendu Paul Recommended for you XLS Allowing #XLSM and #XLSB files ? Stop it to save your Infra a year ago • 1 min read Malware Easy #YARA Strings #Hunting for #Malware - The Lazy Man's Way a year ago • 2 min read Malware [Custom #YARA ] #XLS #macro based #malware downloader using URLDownloadToFileA a year ago • 7 min read
Malware [Custom #YARA ] #XLS #macro based #malware downloader using URLDownloadToFileA a year ago • 7 min read
