Snakelabs

Gholee samples

Mar 19th, 2015
Since AV vendors are so good at writing reports (http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-woolen-goldfish-when-kittens-go-phishing) but amazingly fail at detecting malware, I decided to share a few new samples of Gholee malware.

Original posts about Gholee:
http://www.clearskysec.com/gholee-a-protective-edge-themed-spear-phishing-campaign/
http://securityaffairs.co/wordpress/28170/cyber-crime/gholee-malware.html

Crowdstrike's:
https://www.hackcon.org/wp-content/uploads/2015/02/Foredrag01.pdf

First discovered XLS - 3f7118a2ff787e61b5d18ba0591a29f90349d8ab93aa7d005cdf833f8c9895b2
(text version of the macro - https://pastebin.com/Kz45uVma)
Dropped file - 69cd44995cd8705f9d21cecc978b6a646eefb9872761844fd33b05b7ac2f0767

New samples of Gholee, 0/54 detection rate (of course):

Yara rules for detecting the samples:
https://pastebin.com/fm1mb6qX

All above samples can be downloaded from here:
https://s3-eu-west-1.amazonaws.com/snakebyte.co.il/uploads/Gholee.7z
pass: infected

Enjoy