Sneed-Reactivity/yara-mikesxrs/Airbus/derusbi_kernel.yar

rule derusbi_kernel
{
    meta:
        description = "Derusbi Driver version"
        date = "2015-12-09"
        author = "Airbus Defence and Space Cybersecurity CSIRT - Fabien Perigaud"
        reference = "http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family"
    strings:
    $token1 = "$$$--Hello"     
    $token2 = "Wrod--$$$"   
    $cfg = "XXXXXXXXXXXXXXX"
    $class = ".?AVPCC_BASEMOD@@"
    $MZ = "MZ"

    condition:
        $MZ at 0 and $token1 and $token2 and $cfg and $class
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 12:43:35 -05:00			`rule derusbi_kernel`
			`{`
			`meta:`
			`description = "Derusbi Driver version"`
			`date = "2015-12-09"`
			`author = "Airbus Defence and Space Cybersecurity CSIRT - Fabien Perigaud"`
			`reference = "http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family"`
			`strings:`
			`$token1 = "$$$--Hello"`
			`$token2 = "Wrod--$$$"`
			`$cfg = "XXXXXXXXXXXXXXX"`
			`$class = ".?AVPCC_BASEMOD@@"`
			`$MZ = "MZ"`

			`condition:`
			`$MZ at 0 and $token1 and $token2 and $cfg and $class`
			`}`