More huntress contributions 2024-07 #82

Merged (2 commits) on Jul 9, 2024
25 changes: 25 additions & 0 deletions yml/3rd_party/adobe/vcomp100.yml
@@ -0,0 +1,25 @@
---
Name: vcomp100.dll
Author: Jai Minton - HuntressLabs
Created: 2024-07-09
Vendor: Adobe
VulnerableExecutables:
- Path: '%PROGRAMFILES%\Adobe\Adobe Photoshop %VERSION%\convert.exe'
Type: Sideloading
ExpectedSignatureInformation:
- Subject: SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU="Photoshop\, Bridge - SHA256",O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553
Issuer: CN=Symantec Class 3 Extended Validation Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
Type: Authenticode
ExpectedVersionInformation:
- FileDescription: ImageMagick Studio library and utility programs
OriginalFilename: ImageMagick
InternalName: ImageMagick
SHA256:
- 'db2457caa1ccd65e63718b9e28789a12e17bc7a038975fba4f07dcd9f38e7016'
Resources:
- https://www.virustotal.com/gui/file/0ab581841cc19922d424dbc518d279070ea75ec2983334ba1b74c16ca5729bc1/relations
- https://www.virustotal.com/gui/file/5a5e1142b50096e3af0f9079c45c84f8a6ca1be60e45dbc489327a2632d73fd5/details
Acknowledgements:
- Name: Jai Minton
Company: Huntress
Twitter: '@cyberrraiju'
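Review bot: the vcomp100.yml entry has no `ExpectedLocations` block, unlike iepdf32.yml in the same PR, so a consumer that alerts on the DLL loading from outside its expected directory has nothing to key on for this entry; consider adding one that mirrors the vulnerable executable's directory, e.g. `ExpectedLocations:` followed by `- '%PROGRAMFILES%\Adobe\Adobe Photoshop %VERSION%'`. Separately, the `SHA256` value and the two VirusTotal links under `Resources` reference three different hashes; a short note on what the listed hash identifies relative to the linked samples would save readers a lookup.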
25 changes: 25 additions & 0 deletions yml/3rd_party/handysoftware/iepdf32.yml
@@ -0,0 +1,25 @@
---
Name: iepdf32.dll
Author: Jai Minton - HuntressLabs
Created: 2024-07-09
Vendor: HandySoftware
ExpectedLocations:
- '%PROGRAMFILES%\Handy Viewer'
VulnerableExecutables:
- Path: '%PROGRAMFILES%\Handy Viewer\hv.exe'
Type: Sideloading
ExpectedSignatureInformation:
- Subject: CN=German Gorodokuplya,O=German Gorodokuplya,POSTALCODE=69000,STREET="Nyzhnya\, 3",L=Zaporizhzhya,ST=Zaporizhka,C=UA
Issuer: CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Type: Authenticode
ExpectedVersionInformation:
- FileDescription: Handy Viewer
SHA256:
- '6d8905ec0b1dfdc0a10d1cce40714ddd73205a09ad390b933ddbecdcf06a4cf2'
Resources:
- https://www.virustotal.com/gui/file/b748e5dc64f5ece1b256705b7365a89b3be9284587da5f3abbde4be78864867e/relations
- https://www.virustotal.com/gui/file/030ca3bb54a276eea7cdf69d90d04b58a4fa500396e94340895f923d87dc169a/relations
Acknowledgements:
- Name: Jai Minton
Company: Huntress
Twitter: '@cyberrraiju'
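Review bot: `ExpectedVersionInformation` for hv.exe carries only `FileDescription: Handy Viewer`, whereas the vcomp100.yml entry in this PR also records `OriginalFilename` and `InternalName`; if those fields are present in the signed binary, adding them tightens the match against a renamed or repackaged executable that happens to carry the same description, and if they are genuinely absent, a brief note saying so would stop a later contributor from "fixing" it. The `Resources` links also point only at the `relations` tab of two samples; adding a `details` link for the signed hv.exe (as the Adobe entry does for one of its hashes) would let reviewers confirm the Sectigo-issued subject recorded here without a separate lookup.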