Sneed-Reactivity/yara-mikesxrs/1aN0rmus/memory.yara

rule pos_memory_scrapper
{
meta:
    author = "@patrickrolsen"
    maltype = "Point of Sale (POS) Malware Memory Scraper"
    version = "0.1"
    description = "POS Memory Scraper"
    reference = "7f9cdc380eeed16eaab3e48d59f271aa -> http://www.xylibox.com/2013/05/dump-memory-grabber-blackpos.html"
    date = "12/30/2013"
strings:
    $string1 = "kartoxa" nocase
    $string2 = "CC2 region:"
    $string3 = "CC memregion:"
    $string4 = "target pid:"
    $string5 = "scan all processes:"
    $string6 = "<pid> <PATTERN>"
condition:
    all of ($string*)
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 12:43:35 -05:00			`rule pos_memory_scrapper`
			`{`
			`meta:`
			`author = "@patrickrolsen"`
			`maltype = "Point of Sale (POS) Malware Memory Scraper"`
			`version = "0.1"`
			`description = "POS Memory Scraper"`
			`reference = "7f9cdc380eeed16eaab3e48d59f271aa -> http://www.xylibox.com/2013/05/dump-memory-grabber-blackpos.html"`
			`date = "12/30/2013"`
			`strings:`
			`$string1 = "kartoxa" nocase`
			`$string2 = "CC2 region:"`
			`$string3 = "CC memregion:"`
			`$string4 = "target pid:"`
			`$string5 = "scan all processes:"`
			`$string6 = "<pid> <PATTERN>"`
			`condition:`
			`all of ($string*)`
			`}`