Sneed-Reactivity/yara-mikesxrs/AirBnB/malware_windows_moonlightmaze_encrypted_keyloger.yara
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

rule malware_windows_moonlightmaze_encrypted_keyloger
{
    meta:
        description = "Rule to detect Moonlight Maze encrypted keylogger logs"
        reference = "https://en.wikipedia.org/wiki/Moonlight_Maze"
        author = "Kaspersky Lab"
    strings:
        // 8-byte sequence the rule expects at the very start of the file
        $a1 = {47 01 22 2A 6D 3E 39 2C}
    condition:
        // Match only when $a1 sits at file offset 0, not anywhere in the file
        ($a1 at 0)
}