MalwareBazaar Database
This page shows some basic information the YARA rule TH_APT_EquationGroup_2026_CYFARE including corresponding malware samples.
Database Entry
| YARA Rule: | TH_APT_EquationGroup_2026_CYFARE |
|---|---|
| Author: | CYFARE |
| Description: | Equation Group (G0020) APT malware detection - covers EquationDrug, GrayFish, DoubleFantasy, TripleFantasy, Fanny, GROK, nls_933w HDD firmware module, and Shadow Brokers tooling |
| Firstseen: | 2026-03-21 16:51:44 UTC |
| Lastseen: | 2026-03-22 15:20:13 UTC |
| Sightings: | 4 |
Malware Samples
The table below shows all malware samples that matching this particular YARA rule (max 1000).
| Firstseen (UTC) | SHA256 hash | Tags | Signature | Reporter |
|---|