rule malware_windows_moonlightmaze_encrypted_keyloger
{
    // Matches any scanned object whose first eight bytes equal the marker
    // defined under `strings`. Per the description, the intended targets are
    // the encrypted log files written by the Moonlight Maze keylogger.
    // The identifier keeps its published spelling ("keyloger") so that
    // anything referring to the rule by name continues to resolve.
    meta:
        description = "Rule to detect Moonlight Maze encrypted keylogger logs"
        reference = "https://en.wikipedia.org/wiki/Moonlight_Maze"
        author = "Kaspersky Lab"

    strings:
        // Eight-byte marker; presumably the fixed header of the encrypted
        // log format -- confirm against reference samples.
        $log_header = { 47 01 22 2A 6D 3E 39 2C }

    condition:
        // Anchored at offset 0: the same bytes deeper in a file do not match.
        // This is the only test in the rule, so a hit means only that the
        // file starts with the marker; corroborate it with other evidence
        // when triaging.
        $log_header at 0
}