Sneed-Reactivity/yara-mikesxrs/Mikesxrs/Final1stspy_PDB.yar


/*
 * Final1stspy_PDB
 *
 * Flags any scanned data that embeds a debug-symbol (PDB) path from the
 * "Final1stspy" build tree named in the referenced Palo Alto Networks
 * write-up.
 *
 * Analyst notes:
 *   - The strings are plain text strings, so YARA matches them as
 *     case-sensitive ASCII. A UTF-16 copy of the path would not match.
 *   - The condition has no file-type or size guard, so a hit only means the
 *     path text is present. A document or memory image that quotes the path
 *     will match too, so triage a hit before treating it as a sample.
 *   - A PDB path is set by the build environment and disappears when the
 *     binary is rebuilt elsewhere or stripped. Treat this rule as a
 *     campaign/toolchain pivot, not as durable family coverage.
 */
rule Final1stspy_PDB
{
    meta:
        author = "mikesxrs"
        description = "PDB Path in malware"
        reference = "https://researchcenter.paloaltonetworks.com/2018/10/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/"

    strings:
        // Full PDB path of the LoadDll project.
        $pdb_loaddll = "E:\\Final Project(20180108)\\Final1stspy\\LoadDll\\Release\\LoadDll.pdb" ascii

        // Full PDB path of the hadowexecute project.
        // NOTE(review): confirm the folder name "hadowexecute Copy"
        // character-for-character against the referenced report. If it
        // differs, this string never fires on its own; the project-root
        // string below would still match.
        $pdb_hadowexecute = "E:\\Final Project(20180108)\\Final1stspy\\hadowexecute Copy\\Release\\hadowexecute.pdb" ascii

        // Common parent directory. It is a prefix of both paths above, so it
        // matches whenever either of them does, and it alone decides the
        // outcome of the condition. The longer strings only add detail to the
        // matched-string output.
        $pdb_project_root = "E:\\Final Project(20180108)\\Final1stspy\\" ascii

    condition:
        // Every string in this rule is a $pdb_* string, so this set is all of them.
        any of ($pdb_*)
}