SYMBOLCOMMON_NAMEaka. SYNONYMS
win.tendyron_dropper (Back to overview)

Tendyron

Actor(s): TA410

There is no description at this point.

References
2023-04-23ESET ResearchAlexandre Côté Cyr, Matthieu Faou
TA410: APT10’s distant cousin
FlowCloud Lookback PlugX Quasar RAT Tendyron Witchetty
2020-12-09ESET ResearchESET Research
apt_Windows_TA410_Tendyron_dropper
Tendyron
Yara Rules
[TLP:WHITE] win_tendyron_dropper_w0 (20251015 | TA410 Tendyron Dropper)
rule win_tendyron_dropper_w0 {
    meta:       
        description = "TA410 Tendyron Dropper"
        reference = "https://www.welivesecurity.com/"
        source = "https://github.com/eset/malware-ioc/"
        license = "BSD 2-Clause"
        version = "1"
        author = "ESET Research"
        date = "2020-12-09"
        malpedia_reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.tendyron_dropper"
        malpedia_rule_date = "20251015"
        malpedia_hash = ""
        malpedia_version = "20251015"
        malpedia_license = "CC BY-SA 4.0"
        malpedia_sharing = "TLP:WHITE"
    strings:
        $s1 = "Global\\{F473B3BE-08EE-4710-A727-9E248F804F4A}" wide
        $s2 = "Global\\8D32CCB321B2" wide
        $s3 = "Global\\E4FE94F75490" wide
        $s4 = "Program Files (x86)\\Internet Explorer\\iexplore.exe" wide
        $s5 = "\\RPC Control\\OLE" wide
        $s6 = "ALPC Port" wide
    condition:
        int16(0) == 0x5A4D and 4 of them
}
Download all Yara Rules