Yara Rule - Detects TAXHAUL (AKA TxRLoader) malware used in the 3CX compromise by UNC4736

Yara definition.

Author: Mandiant

https://www.3cx.com/blog/news/mandiant-initial-results/

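```yara
rule TAXHAUL_rule_name_placeholder { // the rule name is not shown on this page; this one is a placeholder
    meta:
        date = "2023-03-04"
        score = 80
    strings:
        $p00_0 = {410f45fe4c8d3d[4]eb??4533f64c8d3d[4]eb??4533f64c8d3d[4]eb}
        $p00_1 = {4d3926488b01400f94c6ff90[4]41b9[4]eb??8bde4885c074}
    condition:
        // the file starts with the "MZ" header and either byte pattern is present
        uint16(0) == 0x5A4D and any of them
}
```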


[https://github.com/Neo23x0/signature-base/commit/122e8731183a6af1604de157509cd17ec768f0d6](https://github.com/Neo23x0/signature-base/commit/122e8731183a6af1604de157509cd17ec768f0d6)