Sneed-Reactivity/yara-mikesxrs/Mikesxrs/PDB_Arachnophobia.yar

rule PDB_Arachnophobia
{
	meta:
    	Author = "mikesxrs"
        Description = "Looking for unique PDB strings"
        Reference = "https://www.threatconnect.com/where-there-is-smoke-there-is-fire-south-asian-cyber-espionage-heats-up/Operation Arachnophobia"
        Date = "2017-10-28"
    strings:
    	$PDB1 = "C:\\Users\\Tranchulas\\Documents\\Visual Studio 2008\\Projects\\upload\\Release\\upload.pdb"
    	$PDB2 = "C:\\Users\\Cath\\documents\\visual studio 2010\\Projects\\ExtractPDF\\Release\\ExtractPDF.pdb"
    	$PDB3 = "C:\\Users\\Cath\\documents\\visual studio 2010\\Projects\\Start\\Release\\Start.pdb"
    	$PDB4 = "C:\\Users\\Cert-India\\Documents\\Visual Studio 2008\\Projects\\ufile\\Release\\ufile.pdb"
    	$PDB5 = "C:\\Users\\umairaziz27\\Documents\\Visual Studio 2008\\Projects\\usb\\Release\\usb.pdb"
    condition:
        any of them
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 12:43:35 -05:00			`rule PDB_Arachnophobia`
			`{`
			`meta:`
			`Author = "mikesxrs"`
			`Description = "Looking for unique PDB strings"`
			`Reference = "https://www.threatconnect.com/where-there-is-smoke-there-is-fire-south-asian-cyber-espionage-heats-up/Operation Arachnophobia"`
			`Date = "2017-10-28"`
			`strings:`
			`$PDB1 = "C:\\Users\\Tranchulas\\Documents\\Visual Studio 2008\\Projects\\upload\\Release\\upload.pdb"`
			`$PDB2 = "C:\\Users\\Cath\\documents\\visual studio 2010\\Projects\\ExtractPDF\\Release\\ExtractPDF.pdb"`
			`$PDB3 = "C:\\Users\\Cath\\documents\\visual studio 2010\\Projects\\Start\\Release\\Start.pdb"`
			`$PDB4 = "C:\\Users\\Cert-India\\Documents\\Visual Studio 2008\\Projects\\ufile\\Release\\ufile.pdb"`
			`$PDB5 = "C:\\Users\\umairaziz27\\Documents\\Visual Studio 2008\\Projects\\usb\\Release\\usb.pdb"`
			`condition:`
			`any of them`
			`}`