Indicator (IOC)

yara AlienVault · Published 27/03/2026 10:58 · Modified 27/03/2026 10:58

Essential information

Value / Name: Windows_Trojan_BrushWorm_7c2098ef
Confidence: 100/100
Revoked: No
Valid from: 27/03/2026 10:29
Valid until: 11/01/2027 21:39
Pattern type: yara
Published: 27/03/2026 10:58
Modified: 27/03/2026 10:58
Author / Source: AlienVault

Description

Windows_Trojan_BrushWorm_7c2098ef

Pattern

rule Windows_Trojan_BrushWorm_7c2098ef {
    meta:
        author = "Elastic Security"
        os = "Windows"
        arch = "x86"
        category_type = "Trojan"
        family = "BrushWorm"
        threat_name = "Windows.Trojan.BrushWorm"
        reference_sample = "89891aa3867c1a57512d77e8e248d4a35dd32e99dcda0344a633be402df4a9a7"

    strings:
        $a = "internetCheckDomain" wide fullword
        $b = { B8 00 00 00 40 33 C9 0F A2 48 8D ?? ?? ?? 89 07 89 5F 04 89 4F 08 89 57 0C 45 33 C0 }
    condition:
        all of them
}

Labels / Tags

Labels: brushlogger brushworm keylogger

Marking (TLP)

TLP:CLEAR