Indicator (IOC)

yara AlienVault · Published 27/03/2026 10:58 · Modified 27/03/2026 10:58

Essential information

Value / Name: Windows_Trojan_BrushLogger_304ee146
Confidence: 100/100
Revoked: No
Valid from: 27/03/2026 10:29
Valid until: 11/01/2027 21:39
Pattern type: yara
Published: 27/03/2026 10:58
Modified: 27/03/2026 10:58
Author / Source: AlienVault

Description

Windows_Trojan_BrushLogger_304ee146

Pattern

rule Windows_Trojan_BrushLogger_304ee146 {
    meta:
        author = "Elastic Security"
        os = "Windows"
        arch = "x86"
        category_type = "Trojan"
        family = "BrushLogger"
        threat_name = "Windows.Trojan.BrushLogger"
        reference_sample = "4f1ea5ed6035e7c951e688bd9c2ec47a1e184a81e9ae783d4a0979501a1985cf"

    strings:
        $a = "%02d-%02d-%d %02d:%02d " fullword
        $b = { 81 ?? ?? A1 00 00 00 74 09 81 ?? ?? A0 00 00 00 75 09 6A 00 6A 10 E8 }
    condition:
        all of them
}

Labels / Tags

Labels: brushlogger brushworm keylogger

Marking (TLP)

TLP:CLEAR