Sneed-Reactivity/yara-Neo23x0/apt_servantshell.yar

rule Servantshell {
   meta:
      author = "Arbor Networks ASERT Nov 2015"
      description = "Detects Servantshell malware"
      date = "2017-02-02"
      reference = "https://tinyurl.com/jmp7nrs"
      score = 70
      id = "f41e9191-0be1-59f7-9be4-e39c8a37b2c5"
   strings:
      $string1 = "SelfDestruction.cpp"
      $string2 = "SvtShell.cpp"
      $string3 = "InitServant"
      $string4 = "DeinitServant"
      $string5 = "CheckDT"
   condition:
      uint16(0) == 0x5a4d and all of them
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 12:43:35 -05:00			`rule Servantshell {`
			`meta:`
			`author = "Arbor Networks ASERT Nov 2015"`
			`description = "Detects Servantshell malware"`
			`date = "2017-02-02"`
			`reference = "https://tinyurl.com/jmp7nrs"`
			`score = 70`
			`id = "f41e9191-0be1-59f7-9be4-e39c8a37b2c5"`
			`strings:`
			`$string1 = "SelfDestruction.cpp"`
			`$string2 = "SvtShell.cpp"`
			`$string3 = "InitServant"`
			`$string4 = "DeinitServant"`
			`$string5 = "CheckDT"`
			`condition:`
			`uint16(0) == 0x5a4d and all of them`
			`}`