From 4778bba51eae415772843a7250cba763aba2d436 Mon Sep 17 00:00:00 2001
From: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
Date: Tue, 16 Apr 2024 04:03:43 +0545
Subject: [PATCH] Keyscrambler.exe side-loading KeyScramblerIE.dll (#74)
---
 yml/3rd_party/qfx/keyscramblerie.yml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 yml/3rd_party/qfx/keyscramblerie.yml
diff --git a/yml/3rd_party/qfx/keyscramblerie.yml b/yml/3rd_party/qfx/keyscramblerie.yml
new file mode 100644
index 0000000..253125c
--- /dev/null
+++ b/yml/3rd_party/qfx/keyscramblerie.yml
@@ -0,0 +1,24 @@
+---
+Name: keyscramblerie.dll
+Author: Swachchhanda Shrawan Poudel
+Created: 2024-04-15
+Vendor: QFX
+ExpectedLocations:
+ - '%PROGRAMFILES%\KeyScrambler'
+VulnerableExecutables:
+ - Path: '%PROGRAMFILES%\KeyScrambler\KeyScrambler.exe'
+ Type: Sideloading
+ SHA256:
+ - 'f1575259753f52aaabbd6baad3069605d764761c1da92e402f3e781ed3cf7cea'
+ - 'fa7ad2f45128120bccc33f996f87a81faa2e9c1236666dd69b943a755f332eb1'
+Resources:
+ - https://thehackernews.com/2024/03/two-chinese-apt-groups-ramp-up-cyber.html
+ - https://csirt-cti.net/2024/02/01/stately-taurus-continued-new-information-on-cyberespionage-attacks-against-myanmar-military-junta/
+ - https://bazaar.abuse.ch/sample/5cb9876681f78d3ee8a01a5aaa5d38b05ec81edc48b09e3865b75c49a2187831/
+ - https://twitter.com/Max_Mal_/status/1775222576639291859
+ - https://twitter.com/DTCERT/status/1712785426895839339
+ - https://www.virustotal.com/gui/file/5cb9876681f78d3ee8a01a5aaa5d38b05ec81edc48b09e3865b75c49a2187831/details
+ - https://www.virustotal.com/gui/file/9cfdc3fe2a10fe2b514fc224c9c8740e1de039d90b9c17f85b64ff29d4a4ebb1
+Acknowledgements:
+ - Name: Swachchhanda Shrawan Poudel
+ Twitter: '@_swachchhanda_'
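Review bot: The MalwareBazaar and VirusTotal links under `Resources` reference two sample hashes (5cb98766… and 9cfdc3fe…) that do not appear in the `SHA256` list under `VulnerableExecutables`, and the record does not say what those samples are. If they are further abused builds of `KeyScrambler.exe` they belong in the `SHA256` list so detections keyed on that field catch them; if they are the malicious `KeyScramblerIE.dll` payloads or archives, a YAML comment on those lines such as `# sample hash is the malicious DLL/payload, not the signed loader  # TODO confirm` would stop the next maintainer from conflating loader and payload hashes. Separately, only `%PROGRAMFILES%\KeyScrambler` is listed as an expected location; if the vendor also ships a 32-bit installer, `%PROGRAMFILES(x86)%\KeyScrambler` would be a legitimate path too and should be confirmed against the installer before anyone treats that directory as anomalous.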