Sneed-Reactivity/yara-mikesxrs/Mikesxrs/Luckymouse_cert.yar

15 lines
404 B
Text
Raw Normal View History

rule LUCKYMOUSE_Stolen_CERT
{
meta:
author = "mikesxrs"
description = "Certificate used to sign malware, could result in False positive due to it being legitimate"
reference = "https://securelist.com/luckymouse-ndisproxy-driver/87914/"
strings:
$STR1 = {78 62 07 2d dc 75 9e 5f 6a 61 4b e9 b9 3b d5 21}
$STR2 = "ShenZhen LeagSoft Technology Co.,Ltd."
condition:
all of them
}