Sneed-Reactivity/yara-mikesxrs/kaspersky/exploit_Silverlight_Toropov_Generic_XAP.yar

rule exploit_Silverlight_Toropov_Generic_XAP {
	
	meta:

		author = "Kaspersky Lab"
		filetype = "Win32 EXE"
		date = "2015-07-23"
		version = "1.0"
		Reference = "https://securelist.com/blog/research/73255/the-mysterious-case-of-cve-2016-0034-the-hunt-for-a-microsoft-silverlight-0-day/"

strings:

	$b2="Can't find Payload() address" ascii wide
	$b3="/SilverApp1;compoent/App.xaml" ascii wide
	$b4="Can't allocate ums after buf[]" ascii wide
	$b5="------------  START  ------------"

condition:

	((2 of ($b*)) )
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule exploit_Silverlight_Toropov_Generic_XAP {`

			`meta:`

			`author = "Kaspersky Lab"`
			`filetype = "Win32 EXE"`
			`date = "2015-07-23"`
			`version = "1.0"`
			`Reference = "https://securelist.com/blog/research/73255/the-mysterious-case-of-cve-2016-0034-the-hunt-for-a-microsoft-silverlight-0-day/"`

			`strings:`

			`$b2="Can't find Payload() address" ascii wide`
			`$b3="/SilverApp1;compoent/App.xaml" ascii wide`
			`$b4="Can't allocate ums after buf[]" ascii wide`
			`$b5="------------ START ------------"`

			`condition:`

			`((2 of ($b*)) )`
			`}`