Add multiple new DLLs and new vendors (#76)

Co-authored-by: Wietze <[email protected]>

yml/3rd_party/anymp4/avdevice-54.yml

@@ -0,0 +1,23 @@
+---
+Name: avdevice-54.dll
+Author: Jai Minton - HuntressLabs
+Created: 2024-05-06
+Vendor: AnyMP4
+ExpectedLocations:
+  - '%PROGRAMFILES%\AnyMP4 Studio\AnyMP4 Blu-ray Creator'
+VulnerableExecutables:
+  - Path: '%PROGRAMFILES%\AnyMP4 Studio\AnyMP4 Blu-ray Creator\AnyMP4 Blu-ray Creator.exe'
+    Type: Sideloading
+    ExpectedVersionInformation:
+      - OriginalFilename: AnyMP4 Blu-ray Creator.exe
+        InternalName: AnyMP4 Blu-ray Creator
+        FileDescription: AnyMP4 Blu-ray Creator
+    SHA256:
+      - '98c9c45cf18434fe9ab79c9db2e88c1f1db48c95338864421e4d761d71c2fbc6'
+Acknowledgements:
+  - Name: Chad Hudson
+    Company: Huntress
+    Twitter: '@0xBurgers'
+  - Name: Jai Minton
+    Company: Huntress
+    Twitter: '@cyberrraiju'

yml/3rd_party/digiarty/ci.yml

@@ -0,0 +1,22 @@
+---
+Name: ci.dll
+Author: Jai Minton - HuntressLabs
+Created: 2024-05-06
+Vendor: Digiarty
+ExpectedLocations:
+  - '%PROGRAMFILES%\Digiarty\WinX Blu-ray Decrypter'
+VulnerableExecutables:
+  - Path: '%PROGRAMFILES%\Digiarty\WinX Blu-ray Decrypter\WinX Blu-ray Decrypter.exe'
+    Type: Sideloading
+    ExpectedVersionInformation:
+      - FileDescription: WinX Blu-ray Decrypter
+    SHA256:
+      - '1fd92aa46464f8453e33dc7461f80ee7b441f9042e9d0110086226c5f725bd9f'
+Resources:
+  - https://www.virustotal.com/gui/file/2560b7390da7c7a1d92050d9c1f5e3a8025cd35fff5360fe73583b5e3f48731e
+  - https://www.virustotal.com/gui/file/ae2453d0e03d72759d5239dcfe9518d6a721319006613a41f8bb53d37d4d1391/details
+  - https://www.virustotal.com/gui/file/7306316b53f915aaff06f00896829884db857b7e5c2747188ae080cad5b8c0e1
+Acknowledgements:
+  - Name: Jai Minton
+    Company: Huntress
+    Twitter: '@cyberrraiju'

yml/3rd_party/icq/liteskinutils.yml

@@ -0,0 +1,25 @@
+---
+Name: liteskinutils.dll
+Author: Jai Minton - HuntressLabs
+Created: 2024-05-06
+Vendor: ICQ
+ExpectedLocations:
+  - '%PROGRAMFILES%\ICQLite'
+VulnerableExecutables:
+  - Path: '%PROGRAMFILES%\ICQLite\ICQLite.exe'
+    Type: Sideloading
+    ExpectedVersionInformation:
+      - OriginalFilename: ICQLite.exe
+        InternalName: ICQ Lite
+        FileDescription: ICQLite
+    SHA256:
+      - 'e6baea057b35e495a3fc3cdf3b95d503c3abc63c371fbb0067f1052798ce3601'
+Resources:
+  - https://www.virustotal.com/gui/file/e5e53392b29b74545e463b65052e0b6b07e8299d709f07501fb0f31b97a679ab/details
+  - https://www.virustotal.com/gui/file/a278d5604a93e93a5580845da93af6c316a37a4cd35c1fc9348958ae1bebdb90/details
+  - https://www.virustotal.com/gui/file/104ca4690b0ff17eb55e1330c5baf5580a731b6834f0716c483e646d6030855c/relations
+  - https://www.virustotal.com/gui/file/010f55aef8ccba2ea1307d934decd577a08fa21547d1db30e01f3ae5ff1cce07/relations
+Acknowledgements:
+  - Name: Jai Minton
+    Company: Huntress
+    Twitter: '@cyberrraiju'

yml/3rd_party/icq/skinutils.yml

@@ -0,0 +1,25 @@
+---
+Name: skinutils.dll
+Author: Jai Minton - HuntressLabs
+Created: 2024-05-06
+Vendor: ICQ
+ExpectedLocations:
+  - '%PROGRAMFILES%\ICQLite'
+VulnerableExecutables:
+  - Path: '%PROGRAMFILES%\ICQLite\ICQLite.exe'
+    Type: Sideloading
+    ExpectedVersionInformation:
+      - OriginalFilename: ICQLite.exe
+        InternalName: ICQ Lite
+        FileDescription: ICQLite
+    SHA256:
+      - 'e6baea057b35e495a3fc3cdf3b95d503c3abc63c371fbb0067f1052798ce3601'
+Resources:
+  - https://www.virustotal.com/gui/file/e5e53392b29b74545e463b65052e0b6b07e8299d709f07501fb0f31b97a679ab/details
+  - https://www.virustotal.com/gui/file/a278d5604a93e93a5580845da93af6c316a37a4cd35c1fc9348958ae1bebdb90/details
+  - https://www.virustotal.com/gui/file/104ca4690b0ff17eb55e1330c5baf5580a731b6834f0716c483e646d6030855c/relations
+  - https://www.virustotal.com/gui/file/010f55aef8ccba2ea1307d934decd577a08fa21547d1db30e01f3ae5ff1cce07/relations
+Acknowledgements:
+  - Name: Jai Minton
+    Company: Huntress
+    Twitter: '@cyberrraiju'

yml/3rd_party/iobit/register.yml

@@ -0,0 +1,23 @@
+---
+Name: register.dll
+Author: Jai Minton - HuntressLabs
+Created: 2024-05-06
+Vendor: IObit
+ExpectedLocations:
+  - '%PROGRAMFILES%\IObit\Driver Booster\%VERSION%'
+VulnerableExecutables:
+  - Path: '%PROGRAMFILES%\IObit\Driver Booster\%VERSION%\DriverBooster.exe'
+    Type: Sideloading
+    ExpectedVersionInformation:
+      - OriginalFilename: RttHlp.exe
+        InternalName: RttHlp.exe
+        FileDescription: IObit RttHlp
+    SHA256:
+      - '8aed681ad8d660257c10d2f0e85ae673184055a341901643f27afc38e5ef8473'
+Resources:
+  - https://www.virustotal.com/gui/file/0500e5ad7e344d32ee26da988aeb30f6344a0c89a68eacce5d6a5683d1fee0e1/relations
+  - https://www.virustotal.com/gui/file/cdfe0f80cd3dc1914c7ad1a6305c0c1116168a37c5cfe8ff51650e2ac814b818/details
+Acknowledgements:
+  - Name: Jai Minton
+    Company: Huntress
+    Twitter: '@cyberrraiju'

yml/3rd_party/mobatek/libxfont-1.yml

@@ -0,0 +1,27 @@
+---
+Name: libxfont-1.dll
+Author: Jai Minton - HuntressLabs
+Created: 2024-05-10
+Vendor: Mobatek
+ExpectedLocations:
+  - '%PROGRAMFILES%\Mobatek\MobaXterm Personal Edition'
+  - '%PROGRAMFILES%\Mobatek\MobaXterm'
+ExpectedSignatureInformation:
+  - Subject: C=FR, PostalCode=31830, S=Midi-Pyrénées, L=Plaisance du Touch, STREET=13 rue Paul Bernadot, O=Mobatek, CN=Mobatek
+    Issuer: C=GB, S=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Code Signing CA
+    Type: Authenticode
+VulnerableExecutables:
+  - Path: '%PROGRAMFILES%\Mobatek\MobaXterm Personal Edition\MobaXterm.exe'
+    Type: Sideloading
+    SHA256:
+      - '35132e05638b942403b8a813925de7b54e2e2e35b6ba7a8a081e8b96edd4c0aa'
+  - Path: '%PROGRAMFILES%\Mobatek\MobaXterm\MobaXterm.exe'
+    Type: Sideloading
+    SHA256:
+      - '35132e05638b942403b8a813925de7b54e2e2e35b6ba7a8a081e8b96edd4c0aa'
+Resources:
+  - https://www.virustotal.com/gui/file/b99bd7ffb7634749487570d0b3a7e423047de4ab13a10c2d912660aec322618e/details
+Acknowledgements:
+  - Name: Jai Minton
+    Company: Huntress
+    Twitter: '@cyberrraiju'

yml/3rd_party/python/python310.yml

@@ -0,0 +1,21 @@
+---
+Name: python310.dll
+Author: Jai Minton
+Created: 2024-05-08
+Vendor: Python
+ExpectedLocations:
+  - '%PROGRAMFILES%\Python310'
+  - '%LOCALAPPDATA%\Temp\%VERSION%'
+  - '%PROGRAMFILES%\DWAgent\runtime'
+  - '%USERPROFILE%\anaconda3'
+VulnerableExecutables:
+  - Path: 'pythonw.exe'
+    Type: Sideloading
+  - Path: 'dwagent.exe'
+    Type: Sideloading
+Resources:
+  - https://www.virustotal.com/gui/file/115fba7a9ea7d2e38d042c7fa5f81209e0d712c107ceb2eafe2f27f94c8f6054/details
+Acknowledgements:
+  - Name: Jai Minton
+    Company: Huntress
+    Twitter: '@cyberrraiju'

yml/3rd_party/softperfect/sqlite.yml

@@ -0,0 +1,21 @@
+---
+Name: sqlite.dll
+Author: Jai Minton - HuntressLabs
+Created: 2024-05-06
+Vendor: SoftPerfect
+ExpectedLocations:
+  - '%PROGRAMFILES%\NetWorx'
+VulnerableExecutables:
+  - Path: '%PROGRAMFILES%\NetWorx\networx.exe'
+    Type: Sideloading
+    ExpectedVersionInformation:
+      - FileDescription: NetWorx Application (64-bit)
+    SHA256:
+      - '29345d9c6ff0106c9032b15e2c88f17bc8972ed843d1b5c044cf17d00f1d45c5'
+Resources:
+  - https://www.virustotal.com/gui/file/0271e401ca9e430868f45148a04680295929450aecc537285359a28605645daf
+  - https://www.virustotal.com/gui/file/4489bffe08dcbd1e9741f9b66f8ba10b7526318a1dc8d190aef13bbc1599b0f7/details
+Acknowledgements:
+  - Name: Jai Minton
+    Company: Huntress
+    Twitter: '@cyberrraiju'

yml/3rd_party/trendmicro/tmtap.yml

@@ -13,4 +13,3 @@ VulnerableExecutables:
 
 Resources:
   - https://medium.com/@infiniti_css/trend-micro-password-manager-dll-hijack-fa839acaad59
-