15 lines
560 B
Text
15 lines
560 B
Text
|
rule CN_group_PDB
|
||
|
{
|
||
|
meta:
|
||
|
Author = "mikesxrs"
|
||
|
Description = "Looking for unique 1937CN group PDB"
|
||
|
Reference = "https://www.votiro.com/single-post/2017/08/23/Votiro-Labs-exposed-a-new-hacking-campaign-targeting-Vietnamese-organisations-using-a-weaponized-Word-documents"
|
||
|
Date = "2017-08-23"
|
||
|
strings:
|
||
|
$PDB1 = "G:\\Work\\Bison\\BisonNewHNStubDll\\Release\\Goopdate.pdb" ascii wide nocase
|
||
|
$PDB2 = "G:\\Work\\Bison\\" ascii wide nocase
|
||
|
$PDB3 = "\\BisonNewHNStubDll\\Release\\Goopdate.pdb" ascii wide nocase
|
||
|
condition:
|
||
|
any of them
|
||
|
}
|