100 Days of YARA – Day 39: SilentMoon

On By DanielIn 100 days of Yara

Reading some articles about Turla, I found a few mentions of an implant named SilentMoon: https://pinboard.in/u:droberson/t:silentmoon/

This crude rule was able to find a few samples not mentioned in the reports that were not mentioned in the reports bookmarked above.

rule silentmoon
{
	meta:
		description = "Turla SilentMoon implant"
		hash = "a679dbde0f4411396af54ea6ac887bd0488b2339cd8a4b509a01ca5e906f70bd"

	strings:
		$ = "SilentMoon" wide

	condition:
		all of them
}

YARA Rules Index

One thought on “100 Days of YARA – Day 39: SilentMoon

  1. Pingback: Week 05 – 2022 – This Week In 4n6

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s