Sneed-Reactivity/yara-mikesxrs/paloalto/general_win_dll_golang_socks.yar

import "pe"

rule general_win_dll_golang_socks
{
    meta:
        author = "paloaltonetworks"
        date = "2022-03-13"
        description = "Highly suspicious GO DLL with proxy communication capabilities"
        reference = "https://unit42.paloaltonetworks.com/popping-eagle-malware/"
 
    condition:    
        general_win_golang_socks and 
        (pe.characteristics & pe.DLL) and pe.is_dll()
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`import "pe"`

			`rule general_win_dll_golang_socks`
			`{`
			`meta:`
			`author = "paloaltonetworks"`
			`date = "2022-03-13"`
			`description = "Highly suspicious GO DLL with proxy communication capabilities"`
			`reference = "https://unit42.paloaltonetworks.com/popping-eagle-malware/"`

			`condition:`
			`general_win_golang_socks and`
			`(pe.characteristics & pe.DLL) and pe.is_dll()`
			`}`