20 lines
889 B
Text
20 lines
889 B
Text
|
rule Cleaver_PDB
|
||
|
{
|
||
|
meta:
|
||
|
Author = "@X0RC1SM"
|
||
|
Description = "Looking for unique PDB"
|
||
|
Reference = "https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf"
|
||
|
Date = "2017-10-28"
|
||
|
strings:
|
||
|
$PDB1 = "e:\\projects\\cleaver\\trunk\\zhoupin_cleaver\\obj\\x86\\release\\netscp.pdb" ascii wide nocase
|
||
|
$PDB2 = "c:\\users\\jimbp\\desktop\\binder_1 - for cleaver\\binder_1\\obj\\x86\\release\\setup.pdb" ascii wide nocase
|
||
|
$PDB3 = "e:\\Projects\\Cleaver\\trunk\\MainModule\\obj\\Release\\MainModule.pdb" ascii wide nocase
|
||
|
$PDB4 = "e:\\projects\\cleaver\\" ascii wide nocase
|
||
|
$PDB5 = "c:\\users\\jimbp\\" ascii wide nocase
|
||
|
$PDB6 = "zhoupin_cleaver\\" ascii wide nocase
|
||
|
$PDB7 = "\\Projects\\Cleaver\\" ascii wide nocase
|
||
|
$PDB8 = "\\binder_1 - for cleaver\\" ascii wide nocase
|
||
|
condition:
|
||
|
any of them
|
||
|
}
|