Yara Rule - Detects a suspicious binary named Teams.exe, update.exe or squirrel.exe
Yara Rule - Detects a suspicious binary with the name teams.exe, update.exe or squirrel.exe in the AppData folder of Microsoft Teams that is unsigned or signed by a different CA
Yara definition.
Author: Florian Roth
https://twitter.com/steve_noel/status/1722698479636476325/photo/1
```
score = 60
date = "2023-11-11"
$a1 = "Microsoft Code Signing PCA" ascii
and pe.number_of_signatures == 0
```
[https://github.com/Neo23x0/signature-base/commit/638d4e78711d5e9ea8359e4660228d3f55ac11a3](https://github.com/Neo23x0/signature-base/commit/638d4e78711d5e9ea8359e4660228d3f55ac11a3)
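The check the description states (a Teams-named binary in the Teams AppData folder that is unsigned or carries a different issuer), as an added Python triage sketch that is not the rule's own code. It assumes the `\AppData\Local\Microsoft\Teams\` install path, treats an empty PE certificate table as the equivalent of `pe.number_of_signatures == 0`, and only searches for the issuer string without validating the signature; `cert_table`, `triage` and `make_pe` are hypothetical names.

```python
import struct
from pathlib import PureWindowsPath

NAMES = {"teams.exe", "update.exe", "squirrel.exe"}
TEAMS_DIR = "\\appdata\\local\\microsoft\\teams\\"   # assumed install path
ISSUER = b"Microsoft Code Signing PCA"               # the rule's $a1 string

def cert_table(data: bytes):
    """Return the raw PE certificate table (b"" if unsigned), or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]     # e_lfanew
    opt = pe + 24                                    # PE signature (4) + COFF header (20)
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < opt + 2:
        return None
    # Offset of the data directories inside the optional header: PE32 / PE32+
    dirs = {0x10B: 96, 0x20B: 112}.get(struct.unpack_from("<H", data, opt)[0])
    if dirs is None or len(data) < opt + dirs + 40:
        return None
    if struct.unpack_from("<I", data, opt + dirs - 4)[0] < 5:
        return b""                                   # no security directory slot
    # Directory index 4 is the certificate table; its address is a file offset
    off, size = struct.unpack_from("<II", data, opt + dirs + 32)
    return data[off:off + size] if size else b""

def triage(path: str, data: bytes):
    """Return 'unsigned', 'unexpected-signer', or None when nothing is flagged."""
    p = PureWindowsPath(path)
    if p.name.lower() not in NAMES or TEAMS_DIR not in str(p).lower():
        return None
    table = cert_table(data)
    if table is None:
        return None
    if not table:
        return "unsigned"
    return None if ISSUER in table else "unexpected-signer"

def make_pe(cert: bytes = b"") -> bytes:
    """Constructed sample: a bare PE32+ header, optionally with a certificate blob."""
    h = bytearray(0x200)
    h[:2], h[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", h, 0x3C, 0x80)            # e_lfanew
    struct.pack_into("<H", h, 0x98, 0x20B)           # optional header magic (PE32+)
    struct.pack_into("<I", h, 0x98 + 108, 16)        # NumberOfRvaAndSizes
    if cert:
        struct.pack_into("<II", h, 0x98 + 112 + 32, len(h), len(cert))
    return bytes(h) + cert
```

A hit from `triage` is a lead for review, matching the rule's mid-range score, not a verdict on the file.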