Sneed-Reactivity/yara-mikesxrs/patrickrolsen/tran_duy_linh.yar

15 lines
370 B
Text
Raw Normal View History

rule tran_duy_linh
{
meta:
author = "@patrickrolsen"
maltype = "Misc."
version = "0.2"
reference = "8fa804105b1e514e1998e543cd2ca4ea, 872876cfc9c1535cd2a5977568716ae1, etc."
date = "01/03/2014"
strings:
$doc = {D0 CF 11 E0} //DOCFILE0
$string1 = "Tran Duy Linh" fullword
$string2 = "DLC Corporation" fullword
condition:
($doc at 0) and (all of ($string*))
}