Sneed-Reactivity/yara-mikesxrs/alienvault/APT1_known_malicious_RARSilent.yar

rule APT1_known_malicious_RARSilent
{
    meta:
        author = "AlienVault Labs"
        info = "CommentCrew-threat-apt1"

    strings:
        $str1 = "Analysis And Outlook.doc\"" wide ascii
        $str2 = "North Korean launch.pdf\"" wide ascii
        $str3 = "Dollar General.doc\"" wide ascii
        $str4 = "Dow Corning Corp.pdf\"" wide ascii
    condition:
        1 of them and APT1_RARSilent_EXE_PDF
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule APT1_known_malicious_RARSilent`
			`{`
			`meta:`
			`author = "AlienVault Labs"`
			`info = "CommentCrew-threat-apt1"`

			`strings:`
			`$str1 = "Analysis And Outlook.doc\"" wide ascii`
			`$str2 = "North Korean launch.pdf\"" wide ascii`
			`$str3 = "Dollar General.doc\"" wide ascii`
			`$str4 = "Dow Corning Corp.pdf\"" wide ascii`
			`condition:`
			`1 of them and APT1_RARSilent_EXE_PDF`
			`}`