Sneed-Reactivity/yara-mikesxrs/Citizen Lab/warp.yara

41 lines
810 B
Text
Raw Normal View History

private rule WarpCode : Warp Family
{
meta:
description = "Warp code features"
author = "Seth Hardy"
last_modified = "2014-07-10"
strings:
// character replacement
$ = { 80 38 2B 75 03 C6 00 2D 80 38 2F 75 03 C6 00 5F }
condition:
any of them
}
private rule WarpStrings : Warp Family
{
meta:
description = "Warp Identifying Strings"
author = "Seth Hardy"
last_modified = "2014-07-10"
strings:
$ = "/2011/n325423.shtml?"
$ = "wyle"
$ = "\\~ISUN32.EXE"
condition:
any of them
}
rule Warp : Family
{
meta:
description = "Warp"
author = "Seth Hardy"
last_modified = "2014-07-10"
condition:
WarpCode or WarpStrings
}