use .NET library SharpClipboard

edit on GitHub
search on VirusTotal

rule:
  meta:
    name: use .NET library SharpClipboard
    namespace: collection
    authors:
      - "@johnk3r"
    scopes:
      static: file
      dynamic: file
    att&ck:
      - Collection::Clipboard Data [T1115]
    mbc:
      - Collection::Input Capture [E1056]
    references:
      - https://www.welivesecurity.com/2021/04/06/janeleiro-time-traveler-new-old-banking-trojan-brazil/
    examples:
      - 387f15043f0198fd3a637b0758c2b6dde9ead795c3ed70803426fc355731b173
  features:
    - and:
      - match: compiled to the .NET platform
      - string: "SharpClipboard"

last edited: 2023-11-24 10:34:28