Indicator (IOC)
Essential information
- Value / Name
9e67469d5d54dd0a45a7dd80a2abcb4385311f69- Confidence
- 100/100
- Revoked
- Yes
- Valid from
- 02/02/2024 12:49
- Valid until
- 07/05/2025 13:49
- Pattern type
- yara
- Published
- 20/12/2025 19:42
- Modified
- 21/12/2025 03:06
- Author / Source
- AlienVault
Description
Detect Malicious Web page HTML file from CERT-UA#8399
Pattern
rule masepie_campaign_htmlstarter
{
meta:
description = "Detect Malicious Web page HTML file from CERT-UA#8399"
references = "TRR240101;https://cert.gov.ua/article/6276894"
hash = "628bc9f4aa71a015ec415d5d7d8cb168359886a231e17ecac2e5664760ee8eba"
date = "2024-01-24"
author = "HarfangLab"
context = "file"
strings:
$s1 = "<link rel=\"stylesheet\" href=\"a.css\">" ascii wide fullword
$s2 = "src=\".\\Capture" ascii wide
condition:
filesize > 600 and filesize < 5KB
and (all of them)
}
Labels / Tags
Marking (TLP)
TLP:CLEAR
Related entities
No linked attack reports or intrusion sets yet.