Sneed-Reactivity/yara-mikesxrs/alienvault/MoonProject.yar

rule MoonProject
{
    meta:
        author = "AlienVault Labs"
        info = "CommentCrew-threat-apt1"

  strings:
    $a = "Serverfile is smaller than Clientfile" wide ascii
    $b = "\\M tools\\" wide ascii
    $c = "MoonDLL" wide ascii
        $d = "\\M tools\\" wide ascii

  condition:
    any of them
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule MoonProject`
			`{`
			`meta:`
			`author = "AlienVault Labs"`
			`info = "CommentCrew-threat-apt1"`

			`strings:`
			`$a = "Serverfile is smaller than Clientfile" wide ascii`
			`$b = "\\M tools\\" wide ascii`
			`$c = "MoonDLL" wide ascii`
			`$d = "\\M tools\\" wide ascii`

			`condition:`
			`any of them`
			`}`