Update third-party rules as of 2025-11-21 (#1227)

octo-sts[bot] · github-actions[bot] · stevebeattie · web-flow · commit f37f7587fcb7 · 2025-11-21T12:26:13.000Z
Co-authored-by: Update third-party rules &lt;41898282+github-actions[bot]@users.noreply.github.com&gt;
Co-authored-by: Steve Beattie &lt;steve+github@nxnw.org&gt;
diff --git a/third_party/yara/bartblaze/APT/Autumn_Backdoor_Loader.yar b/third_party/yara/bartblaze/APT/Autumn_Backdoor_Loader.yar
@@ -5,7 +5,7 @@ rule Autumn_Backdoor_Loader
         fingerprint = "v1_sha256_09a399531a2e2f8064b1c9862949fa1c9eca1ddab19bfb62a5ce947e002445cc"
         version = "1.0"
         date = "2025-11-18"
-        modified = "2025-11-18"
+        modified = "2025-11-20"
         status = "RELEASED"
         sharing = "TLP:CLEAR"
         source = "BARTBLAZE"
@@ -14,14 +14,14 @@ rule Autumn_Backdoor_Loader
         category = "MALWARE"
         malware = "UNKNOWN"
         malware_type = "BACKDOOR"
-        reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.broomstick"
+        reference = "https://cyberarmor.tech/blog/autumn-dragon-china-nexus-apt-group-targets-south-east-asia"
         hash = "843fca1cf30c74edd96e7320576db5a39ebf8d0a708bde8ccfb7c12e45a7938c"
         hash = "d7711333c34a27aed5d38755f30d14591c147680e2b05eaa0484c958ddaae3b6"
 
-strings:
-    $pdb_dev = "\\Dev\\ApplicationDllHijacking\\"
-    $pdb_user = "\\Users\\LG02\\Desktop\\???\\"
+    strings:
+        $pdb_dev = "\\Dev\\ApplicationDllHijacking\\"
+        $pdb_user = "\\Users\\LG02\\Desktop\\???\\"
     
-condition:
-    any of them
+    condition:
+        any of them
 }
diff --git a/third_party/yara/bartblaze/RELEASE b/third_party/yara/bartblaze/RELEASE
@@ -1 +1 @@
-cce2b61fa7f71aca33a207d52b4d4c84028754fb
+1eb421e2de322161c9930a415ec8fa340dbeaf68

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-cce2b61fa7f71aca33a207d52b4d4c84028754fb`
	`1`	`+1eb421e2de322161c9930a415ec8fa340dbeaf68`