Sneed-Reactivity/yara-mikesxrs/alienvault/BISCUIT_GREENCAT_APT1.yar

rule BISCUIT_GREENCAT_APT1 {
    meta:
        author = "AlienVault Labs"
        info = "CommentCrew-threat-apt1"

        strings:
                $s1 = "zxdosml" wide ascii
                $s2 = "get user name error!" wide ascii
                $s3 = "get computer name error!" wide ascii
                $s4 = "----client system info----" wide ascii
                $s5 = "stfile" wide ascii
                $s6 = "cmd success!" wide ascii

        condition:
                all of them
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule BISCUIT_GREENCAT_APT1 {`
			`meta:`
			`author = "AlienVault Labs"`
			`info = "CommentCrew-threat-apt1"`

			`strings:`
			`$s1 = "zxdosml" wide ascii`
			`$s2 = "get user name error!" wide ascii`
			`$s3 = "get computer name error!" wide ascii`
			`$s4 = "----client system info----" wide ascii`
			`$s5 = "stfile" wide ascii`
			`$s6 = "cmd success!" wide ascii`

			`condition:`
			`all of them`
			`}`