Yara Rule - Detects suspicious binaries named Teams.exe, update.exe or squirrel.exe


Yara Rule - Detects a suspicious binary with the name teams.exe, update.exe or squirrel.exe in the AppData folder of Microsoft Teams that is unsigned or signed by a different CA

Yara definition.

Author: Florian Roth

https://twitter.com/steve_noel/status/1722698479636476325/photo/1

```
score = 60
date = "2023-11-11"
$a1 = "Microsoft Code Signing PCA" ascii
and pe.number_of_signatures == 0
```


[https://github.com/Neo23x0/signature-base/commit/638d4e78711d5e9ea8359e4660228d3f55ac11a3](https://github.com/Neo23x0/signature-base/commit/638d4e78711d5e9ea8359e4660228d3f55ac11a3)
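The check the rule description states (a teams.exe, update.exe or squirrel.exe in the Teams AppData folder that carries no Authenticode signature or lacks the Microsoft CA string), as an added Python example that is not part of the original rule or of signature-base. The install path, the function names and the way the conditions are combined are assumptions drawn from the description; `fake_pe` builds constructed header bytes for the demo.

```python
import struct

TARGET_NAMES = {"teams.exe", "update.exe", "squirrel.exe"}
TEAMS_DIR = "\\appdata\\local\\microsoft\\teams\\"  # assumption: default per-user install path
MS_CA = b"Microsoft Code Signing PCA"               # same string as the rule's $a1

def security_directory(data: bytes):
    """Return (file_offset, size) of the PE certificate table, or None if absent."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24                                  # optional header follows 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                    # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)       # start of the data directories
    count = struct.unpack_from("<I", data, dirs - 4)[0]  # NumberOfRvaAndSizes
    if count <= 4:
        return None
    off, size = struct.unpack_from("<II", data, dirs + 4 * 8)  # entry 4 = security directory
    return (off, size) if off and size else None

def is_suspicious(path: str, data: bytes) -> bool:
    """Name and folder match, and the file is unsigned or lacks the Microsoft CA string."""
    p = path.lower().replace("/", "\\")
    name = p.rsplit("\\", 1)[-1]
    if name not in TARGET_NAMES or TEAMS_DIR not in p:
        return False
    # An empty certificate table approximates pe.number_of_signatures == 0.
    return security_directory(data) is None or MS_CA not in data

def fake_pe(signed: bool, ca: bytes = b"") -> bytes:
    """Constructed minimal PE32 header for the demo; not a loadable executable."""
    hdr = bytearray(0x40 + 24 + 96 + 16 * 8)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x40 + 24, 0x10B)
    struct.pack_into("<I", hdr, 0x40 + 24 + 92, 16)
    if signed:  # point the security directory at the bytes appended after the header
        struct.pack_into("<II", hdr, 0x40 + 24 + 96 + 32, len(hdr), len(ca))
    return bytes(hdr) + ca
```

The CA test is a byte-string match like the rule's `$a1`, not certificate chain validation, so a hit is a triage lead to confirm with a real signature check.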