Detection content created by the researchers at Magonia Research can be found here within our GitHub repository.
This is a curated list of threat intelligence data feeds, focusing on imphashes for specific malware families and attack tools.
...track portable executable (PE) imports. Imports are the functions that a piece of software (in this case, the backdoor) calls from other files (typically various DLLs that provide functionality to the Windows operating system). To track these imports, Mandiant creates a hash based on library/API names and their specific order within the executable. We refer to this convention as an "imphash" (for "import hash").
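The import-hash idea described above, as an added example that is not code from this repository or from Mandiant: it builds the ordered `library.function` string, hashes it with MD5 (the normalisation used by common implementations such as pefile's `get_imphash`), and looks the result up in a feed. The function names, the sample import table and the feed entry are all constructed for illustration.

```python
import hashlib

# Extensions stripped from the library name before hashing.
_STRIP_EXTS = ("dll", "ocx", "sys")


def imphash_string(imports):
    """Build the comma-joined 'lib.func' string that gets hashed.

    imports: list of (library, function_name_or_None, ordinal_or_None),
    in the order the entries appear in the PE import table.
    """
    parts = []
    for lib, name, ordinal in imports:
        lib = lib.lower()
        stem, _, ext = lib.rpartition(".")
        if stem and ext in _STRIP_EXTS:
            lib = stem
        # Simplification: an import by ordinal becomes "ord<N>"; pefile also
        # maps ordinals of a few well-known DLLs back to function names.
        func = name.lower() if name else "ord%d" % ordinal
        parts.append("%s.%s" % (lib, func))
    return ",".join(parts)


def imphash(imports):
    """MD5 over the ordered, normalised import string."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def match_feed(imports, feed):
    """Return the feed label for this import table, or None if unknown."""
    return feed.get(imphash(imports))


# Constructed sample import table (not taken from any real binary).
SAMPLE = [
    ("KERNEL32.dll", "CreateFileW", None),
    ("KERNEL32.dll", "WriteFile", None),
    ("WS2_32.dll", "connect", None),
    ("ADVAPI32.dll", "RegSetValueExW", None),
]
# Same imports in a different order: the imphash changes.
REORDERED = [SAMPLE[2], SAMPLE[0], SAMPLE[1], SAMPLE[3]]

# Constructed feed entry: imphash -> label.
FEED = {imphash(SAMPLE): "example-family"}

if __name__ == "__main__":
    print(imphash_string(SAMPLE))
    print(imphash(SAMPLE), match_feed(SAMPLE, FEED))
    print(imphash(REORDERED), match_feed(REORDERED, FEED))
```

Because the hash covers the order of imports as well as their names, a rebuilt or relinked sample can miss an existing feed entry, so an imphash match is best treated as one signal alongside other detections.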