Sneed-Reactivity/yara-mikesxrs/crowdstrike/CrowdStrike_ PutterPanda _06 _ xor_dropper putterpanda.yar

rule CrowdStrike_PutterPanda_06 : xor_dropper putterpanda
	{
	meta:
		description = "PUTTER PANDA - XOR based dropper"
		date = "2014-03-30"
		version = "1.0"
		in_the_wild = true
		copyright = "CrowdStrike, Inc."
		actor = "PUTTER PANDA"
	
	strings:
	    $xorloop = { 8b d0 83 e2 0f 8a 54 14 04 30 14 01 83 c0 01 3b c6 7c ed  }
	
	condition:
	    $xorloop
	}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule CrowdStrike_PutterPanda_06 : xor_dropper putterpanda`
			`{`
			`meta:`
			`description = "PUTTER PANDA - XOR based dropper"`
			`date = "2014-03-30"`
			`version = "1.0"`
			`in_the_wild = true`
			`copyright = "CrowdStrike, Inc."`
			`actor = "PUTTER PANDA"`

			`strings:`
			`$xorloop = { 8b d0 83 e2 0f 8a 54 14 04 30 14 01 83 c0 01 3b c6 7c ed }`

			`condition:`
			`$xorloop`
			`}`