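# Nuclei file-protocol template: flags local files that contain static indicators
# attributed to the "Glasses" malware family (see info.reference).
# A hit is a triage lead, not a verdict; the template itself rates it `info`.
id: glasses-malware

info:
  name: Glasses Malware - Detect
  author: daffainfo
  severity: info
  reference:
    # Background write-up on the family.
    - https://citizenlab.ca/2013/02/apt1s-glasses-watching-a-human-rights-organization/
    # YARA rule file; the indicators below appear to be ported from it - confirm
    # against the rule when updating.
    - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Glasses.yar
  tags: malware,file

file:
  # `all` removes the extension allow-list, so every file under the scan path is a
  # candidate.
  # NOTE(review): verify whether nuclei's default extension denylist and file size
  # limit still skip binaries in your version; if so, a clean result does not mean
  # the executables were inspected.
  - extensions:
      - all

    # Both matchers below must succeed for a file to be reported.
    # NOTE(review): this is stricter than a rule that fires on either group;
    # compare with the referenced YARA rule's condition before treating a
    # non-match as negative evidence.
    matchers-condition: and
    matchers:
      # String indicators: all three literals must be present (condition: and).
      - type: word
        part: raw
        words:
          - 'thequickbrownfxjmpsvalzydg'
          # Matched literally, including the unexpanded %s.%s placeholders, so this
          # finds the format string stored in a file, not a rendered User-Agent.
          - 'Mozilla/4.0 (compatible; Windows NT 5.1; MSIE 7.0; Trident/4.0; %s.%s)'
          - '" target="NewRef"></a>'
        condition: and

      # Byte-sequence indicators (hex-encoded): either one suffices (condition: or).
      - type: binary
        binary:
          - "B8ABAAAAAAF7E1D1EA8D04522BC8"
          - "B856555555F7E98B4C241C8BC2C1E81F03D0493BCA"
        condition: or
# The digest below is the upstream signature for the template as published. Any
# local edit to this file (comments included) means it will no longer verify;
# re-sign the template before using it where signature checks are enforced.
# digest: 4a0a00473045022004017917e4819703991df4015539424453b19a7fa563b750a2bf9f42beec0b2f022100e7ae1fd17a098edd070c0f63ec1ee8405cace6bf4419be4a03989f8fbcaad6d0:922c64590222798bb761d5b6d8e72950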