Sneed-Group/Sneed-Reactivity
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Sneed-Reactivity/yara-mikesxrs/Fireeye/FE_APT_9002_rat.yar

19 lines
334 B
Text
Raw Normal View History

OMG ISTG PLS WORK RED PILL :red_circle: :pill:
2024-07-25 17:43:35 +00:00
rule FE_APT_9002_rat
{
meta:
author = "FireEye Labs"
reference = "https://www.fireeye.com/blog/threat-research/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html"
strings:
$mz = {4d 5a}
$a = "rat_UnInstall" wide ascii
condition:
($mz at 0) and $a
}
Reference in a new issue Copy permalink