Sneed-Group/Sneed-Reactivity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Sneed-Reactivity/yara-mikesxrs/Mikesxrs/APT3_PDB_Paths.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK 
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

19 lines
1,000 B
Text
Raw Permalink Blame History

rule APT3_PDB_Paths
{
meta:
Author = "@X0RC1SM"
Description = "Looking for PDB paths found in report"
Reference1 = "https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html"
Date = "2017-10-28"
strings:
$PDB1 = "c:\\Users\\aa\\Documents\\Visual Studio 2008\\Projects\\MShell\\Release \\MShell.pdb"
$PDB2 = "c:\\Users\\aa\\Documents\\Visual Studio 2008\\Projects\\4113\\Release \\4113.pdb"
$PDB3 = "C:\\Users\\aa\\Documents\\Visual Studio 2010\\Projects\\MyRat\\Client\\Client \\obj\\x86\\Release\\Client.pdb"
$PDB4 = "C:\\Users\\aa\\Documents\\"
$PDB5 = "c:\\Users\\aa\\Documents\\Visual Studio 2008\\Projects\\MShell\\Release\\MShell.pdb"
$PDB6 = "c:\\Users\\aa\\Documents\\Visual Studio 2008\\Projects\\4113\\Release\\4113.pdb"
$PDB7 = "C:\\Users\\aa\\Documents\\Visual Studio 2010\\Projects\\MyRat\\Client\\Client\\obj\\x86\\Release\\Client.pdb"
condition:
any of them
}
Reference in a new issue View git blame Copy permalink