Sneed-Reactivity/yara-mikesxrs/alienvault/EclipseSunCloudRAT.yar

rule EclipseSunCloudRAT
{
    meta:
        author = "AlienVault Labs"
        info = "CommentCrew-threat-apt1"

  strings:
    $a = "Eclipse_A" wide ascii
    $b = "\\PJTS\\" wide ascii
    $c = "Eclipse_Client_B.pdb" wide ascii
    $d = "XiaoME" wide ascii
    $e = "SunCloud-Code" wide ascii
    $f = "/uc_server/data/forum.asp" wide ascii

  condition:
    any of them
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule EclipseSunCloudRAT`
			`{`
			`meta:`
			`author = "AlienVault Labs"`
			`info = "CommentCrew-threat-apt1"`

			`strings:`
			`$a = "Eclipse_A" wide ascii`
			`$b = "\\PJTS\\" wide ascii`
			`$c = "Eclipse_Client_B.pdb" wide ascii`
			`$d = "XiaoME" wide ascii`
			`$e = "SunCloud-Code" wide ascii`
			`$f = "/uc_server/data/forum.asp" wide ascii`

			`condition:`
			`any of them`
			`}`