14 lines
312 B
Text
14 lines
312 B
Text
|
rule snake
|
||
|
{
|
||
|
meta:
|
||
|
author = "artemon security"
|
||
|
md5 = "40aa66d9600d82e6c814b5307c137be5"
|
||
|
reference = "http://artemonsecurity.com/uroburos.pdf"
|
||
|
strings:
|
||
|
$ModuleStart = { 00 4D 6F 64 75 6C 65 53 74 61 72 74 00 }
|
||
|
$ModuleStop = { 00 4D 6F 64 75 6C 65 53 74 6F 70 00}
|
||
|
$firefox = "firefox.exe"
|
||
|
condition:
|
||
|
all of them
|
||
|
}
|