YARA rule - Detects binaries signed with a compromised signing certificate of AnyDesk after it was revoked (philandro Software GmbH, 0DBF152DEAF0B981A8A938D53F769DB8; version that uses dates for validation)

YARA definition.

Author: Florian Roth

https://anydesk.com/en/public-statement

```
date = "2024-02-05"
score = 50
uint16(0) == 0x5a4d
pe.signatures[i].serial == "0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8"

date = "2024-02-02"
score = 75
$a1 = "AnyDesk Software GmbH" wide

date = "2024-02-02"
score = 65
$sc1 = { 0D BF 15 2D EA F0 B9 81 A8 A9 38 D5 3F 76 9D B8 }

date = "2024-02-02"
score = 75
uint16(0) == 0x5a4d and
```


[https://github.com/Neo23x0/signature-base/commit/55cf00da5e12c7ebd86ed7592c243b2bd8f13b00](https://github.com/Neo23x0/signature-base/commit/55cf00da5e12c7ebd86ed7592c243b2bd8f13b00)