YARA rule - Detects binaries signed with a potentially compromised signing certificate of AnyDesk (philandro Software GmbH, 0DBF152DEAF0B981A8A938D53F769DB8)
YARA definition.
Author: Florian Roth
https://download.anydesk.com/changelog.txt
```
date = "2024-02-02"
score = 70
$a1 = "AnyDesk Software GmbH" wide
uint16(0) == 0x5a4d
pe.signatures[i].serial == "0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8"
```
[https://github.com/Neo23x0/signature-base/commit/9e09258910c57e1134193f0a0f515b5eec872b01](https://github.com/Neo23x0/signature-base/commit/9e09258910c57e1134193f0a0f515b5eec872b01)