MalwareBazaar Database
This page shows some basic information the YARA rule PUA_AnyDesk_Compromised_Certificate_Revoked_Jan24 including corresponding malware samples.
Database Entry
| YARA Rule: | PUA_AnyDesk_Compromised_Certificate_Revoked_Jan24 |
|---|---|
| Author: | Florian Roth |
| Description: | Detects binaries signed with a compromised signing certificate of AnyDesk (philandro Software GmbH, 0DBF152DEAF0B981A8A938D53F769DB8) after it was revoked. This is not a threat detection. It detects an outdated version of AnyDesk that was signed with a certificate that has been revoked. |
| Firstseen: | 2024-02-20 07:07:15 UTC |
| Lastseen: | 2025-08-19 14:13:26 UTC |
| Sightings: | 14 |
Malware Samples
The table below shows all malware samples that matching this particular YARA rule (max 1000).
| Firstseen (UTC) | SHA256 hash | Tags | Signature | Reporter |
|---|