| 1 |
Arkbird_SOLG |
Good point for the similarities between #RotaJakiro and the 2016 version of ELF backdoor of Oceanlotus. II share the rule at the same time.
H/T @c3rb3ru5d3d53c @JAMESWT_MHT
Samples :
https://bazaar.abuse.ch/browse/signature/RotaJakiro/
https://bazaar.abuse.ch/sample/07154b7a45937f2f5a2cda5b701504b179d0304fc653edb2d0672f54796c35f7/
Yara :
https://github.com/StrangerealIntel/DailyIOC/blob/master/2021-05-08/RotaJakiro/MAL_ELF_RotaJakiro_May_2021_1.yara
|
2021-05-08 21:23:58 |
| 2 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 64
VirusTotal: https://www.virustotal.com/gui/file/59e7413a5d917b6e2ec91f72ab2e53ae6762eb87a6ee92cda1259488bd61afed/detection/f-59e7413a5d917b6e2ec91f72ab2e53ae6762eb87a6ee92cda1259488bd61afed-1577753785
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 21:20:02 |
| 3 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 58
VirusTotal: https://www.virustotal.com/gui/file/4f740d8bd13708b231618cebfb7fa1f9d22aa24a330012ea3bf5eaad17ea635a/detection/f-4f740d8bd13708b231618cebfb7fa1f9d22aa24a330012ea3bf5eaad17ea635a-1615797918
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 21:00:02 |
| 4 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 59
VirusTotal: https://www.virustotal.com/gui/file/707a5586650d344d30819317dd36a295be398ed1d4c4beb9d4ecacd05ec95e1c/detection/f-707a5586650d344d30819317dd36a295be398ed1d4c4beb9d4ecacd05ec95e1c-1546008060
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 20:50:03 |
| 5 |
HeliosCert |
@HeliosCert
Sample analysed on #virustotal
VirusTotal-Score: 63
VirusTotal: https://www.virustotal.com/gui/file/ce8a56eece99455b88ee03b5d43f70fe979fc25718bf6f7c82ea73c1a579cb7c/detection/f-ce8a56eece99455b88ee03b5d43f70fe979fc25718bf6f7c82ea73c1a579cb7c-1599651171
Threat: Ransom_WCRY.SMALYM (TrendMicro)
|
2021-05-08 20:10:02 |