Keyscrambler.exe side-loading KeyScramblerIE.dll (#74)
swachchhanda000 authored Apr 15, 2024
1 parent bb744e6 commit 4778bba
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions yml/3rd_party/qfx/keyscramblerie.yml
@@ -0,0 +1,24 @@
---
Name: keyscramblerie.dll
Author: Swachchhanda Shrawan Poudel
Created: 2024-04-15
Vendor: QFX
ExpectedLocations:
- '%PROGRAMFILES%\KeyScrambler'
VulnerableExecutables:
- Path: '%PROGRAMFILES%\KeyScrambler\KeyScrambler.exe'
Type: Sideloading
SHA256:
- 'f1575259753f52aaabbd6baad3069605d764761c1da92e402f3e781ed3cf7cea'
- 'fa7ad2f45128120bccc33f996f87a81faa2e9c1236666dd69b943a755f332eb1'
Resources:
- https://thehackernews.com/2024/03/two-chinese-apt-groups-ramp-up-cyber.html
- https://csirt-cti.net/2024/02/01/stately-taurus-continued-new-information-on-cyberespionage-attacks-against-myanmar-military-junta/
- https://bazaar.abuse.ch/sample/5cb9876681f78d3ee8a01a5aaa5d38b05ec81edc48b09e3865b75c49a2187831/
- https://twitter.com/Max_Mal_/status/1775222576639291859
- https://twitter.com/DTCERT/status/1712785426895839339
- https://www.virustotal.com/gui/file/5cb9876681f78d3ee8a01a5aaa5d38b05ec81edc48b09e3865b75c49a2187831/details
- https://www.virustotal.com/gui/file/9cfdc3fe2a10fe2b514fc224c9c8740e1de039d90b9c17f85b64ff29d4a4ebb1
Acknowledgements:
- Name: Swachchhanda Shrawan Poudel
Twitter: '@_swachchhanda_'
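
Review bot: the two SHA256 values under VulnerableExecutables do not match the hash in the abuse.ch and VirusTotal URLs under Resources, and the entry does not say which file each hash belongs to. Since the SHA256 field sits under the KeyScrambler.exe Path, please confirm both listed values are hashes of the legitimate KeyScrambler.exe and not of a sideloaded KeyScramblerIE.dll sample, so that defenders matching on them do not confuse the host executable with the malicious DLL. Separately, ExpectedLocations and Path list only '%PROGRAMFILES%\KeyScrambler'; if the product can also install under '%PROGRAMFILES(X86)%', that location should be added so a legitimate copy of the DLL there is not treated as out of place.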
