Sneed-Reactivity/yara-mikesxrs/malc0de/lightbolt_apt1.yar

rule lightbolt : apt
{
    strings:
        $a = "bits.exe a all.jpg .\\ALL -hp%s"
        $b = "The %s store has been opened"
		$c = "Machine%d"
		$d = "Service%d"
		$e = "7z;ace;arj;bz2;cab;gz;jpeg;jpg;lha;lzh;mp3;rar;taz;tgz;z;zip"
    condition:
        filesize < 300KB and (5 of ($a,$b,$c,$d,$e))
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 12:43:35 -05:00			`rule lightbolt : apt`
			`{`
			`strings:`
			`$a = "bits.exe a all.jpg .\\ALL -hp%s"`
			`$b = "The %s store has been opened"`
			`$c = "Machine%d"`
			`$d = "Service%d"`
			`$e = "7z;ace;arj;bz2;cab;gz;jpeg;jpg;lha;lzh;mp3;rar;taz;tgz;z;zip"`
			`condition:`
			`filesize < 300KB and (5 of ($a,$b,$c,$d,$e))`
			`}`