(2021-03-31: Disabled user input because spam was too intense, send an e-mail about uuids to uuid@p to confirm the internet isn't just about bots and make someone happy for a day)
(2021-06-05: Re-enabled user input, still, feel free to send e-mails at uuid@p, I'm not against human interaction heh)
← back

65a097fe-6102-446a-9f9c-55dfc3f41101
APT WINNTI Global BFE_Notify_Event_

65a097fe-6102-446a-9f9c-55dfc3f41101 APT WINNTI Global BFE_Notify_Event_

Version	4
Variant	specified in RFC 4122
urn	urn:uuid:65a097fe-6102-446a-9f9c-55dfc3f41101
Hexdump	65a097fe6102446a9f9c55dfc3f41101
Bytes	eáù■a␂Djƒ£U▀├⌠␑␁
UUIDv4	version (4) + randomness
(would-be) MAC Address	55dfc3f41101
(would-be) is_local bit	True
(would-be) is_multicast bit	False
(would-be) MAC Manufacturer	None
(would-be) MAC Date	None

Links :

UUID registration form :

APT WINNTI Global BFE_Notify_Event_

https://github.com/3vangel1st/Yara/blob/master/APT_WINNTI.yar

APT WINNTI Global BFE_Notify_Event_ base

fun fact, the notify events have one extra digit (5,4,6 here) https://github.com/3vangel1st/Yara/blob/master/APT_WINNTI.yar

{
  strings:
    $e1 = "Global\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411015}" ascii nocase
    $e2 = "Global\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411014}" ascii nocase
    $e3 = "Global\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411016}" ascii nocase
    $e4 = "\\BaseNamedObjects\\{B2B87CCA-66BC-4C24-89B2-C23C9EAC2A66}" wide
    $e5 = "BFE_Notify_Event_{7D00FA3C-FBDC-4A8D-AEEB-3F55A4890D2A}" nocase
  condition:
    (any of ($e*))
}

442338

65a097fe-6102-446a-9f9c-55dfc3f41101APT WINNTI Global BFE_Notify_Event_

65a097fe-6102-446a-9f9c-55dfc3f41101
APT WINNTI Global BFE_Notify_Event_