Sneed-Group/Sneed-Reactivity
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Sneed-Reactivity/yara-mikesxrs/Fireeye/qti_certificate.yar

25 lines
573 B
Text
Raw Normal View History

OMG ISTG PLS WORK RED PILL :red_circle: :pill:
2024-07-25 17:43:35 +00:00
rule qti_certificate
{
meta:
author = "Fireeye Labs"
reference_hash = "cfa3e3471430a0096a4e7ea2e3da6195"
reference = "https://www.fireeye.com/blog/threat-research/2014/11/operation-poisoned-handover-unveiling-ties-between-apt-activity-in-hong-kongs-pro-democracy-movement.html"
description = "detects binaries signed with the QTI International Inc certificate"
strings:
$cn = "QTI International Inc"
$serial = { 2e df b9 fd cf a0 0c cb 5a b0 09 ee 3a db 97 b9 }
condition:
$cn and $serial
}
Reference in a new issue Copy permalink