Sneed-Reactivity/yara-mikesxrs/Novetta/Derusbi_Server.yar

rule Derusbi_Server
{
	meta:
		Author = "Novetta"
		Reference = "http://www.novetta.com/wp-content/uploads/2014/11/Derusbi.pdf"

	strings:
		$uuid = "{93144EB0-8E3E-4591-B307-8EEBFE7DB28F}" wide ascii
		$infectionID1 = "-%s-%03d"
		$infectionID2 = "-%03d"
		$other = "ZwLoadDriver"

	condition:
		$uuid or ($infectionID1 and $infectionID2 and $other)
}
OMG ISTG PLS WORK RED PILL :red_circle: :pill: 2024-07-25 17:43:35 +00:00			`rule Derusbi_Server`
			`{`
			`meta:`
			`Author = "Novetta"`
			`Reference = "http://www.novetta.com/wp-content/uploads/2014/11/Derusbi.pdf"`

			`strings:`
			`$uuid = "{93144EB0-8E3E-4591-B307-8EEBFE7DB28F}" wide ascii`
			`$infectionID1 = "-%s-%03d"`
			`$infectionID2 = "-%03d"`
			`$other = "ZwLoadDriver"`

			`condition:`
			`$uuid or ($infectionID1 and $infectionID2 and $other)`
			`}`