Sneed-Group/Sneed-Reactivity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Sneed-Reactivity/yara-mikesxrs/Mandiant/UNC3524_sha1.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK 
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

25 lines
408 B
Text
Raw Permalink Blame History

rule UNC3524_sha1
{
meta:
author = "Mandiant"
reference = "https://www.mandiant.com/resources/unc3524-eye-spy-email"
date_created = "2022-01-19"
date_modified = "2022-01-19"
strings:
$h1 = { DD E5 D5 97 20 53 27 BF F0 A2 BA CD 96 35 9A AD 1C 75 EB 47 }
condition:
uint32be(0) == 0x7F454C46 and filesize < 10MB and all of them
}
Reference in a new issue View git blame Copy permalink