Yara Rule - 취소 된 후 잠재적으로 손상된 서명 인증서로 서명 한 바이너리를 감지 (Philandro Software Gmbh, 0DBF152DEAP0B981A8A938D53F769DB8; 유효성 검사를 위해 날짜를 사용하는 버전) 관련 IOC 4개 발견
Yara 정의.
Neo23x0
Yara Rule - Detects binaries signed with a potentially compromised signing certificate of AnyDesk after it was revoked (philandro Software GmbH, 0DBF152DEAF0B981A8A938D53F769DB8; version that uses dates for validation)
Yara definition.
https://github.com/Neo23x0/signature-base/commit/45f482a2a157d72933b787a50a38988cc7fdf8d4