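// IOC detection rule (see the reference URL in meta for the originating collection).
// All three terms describe one fixed PE layout: an MZ header at offset 0 plus two
// fragments at fixed absolute file offsets, so this behaves like a hash-style IOC for
// a single binary rather than a family signature.
rule ID2015032010000026
{
    meta:
        author = "mbl"
        info = "IOC detection - Version 1.0"
        reference = "https://github.com/phbiohazard/Yara"

    strings:
        // DOS header: "MZ" followed by the e_cblp/e_cp bytes of a common linker stub.
        // The condition anchors this `at 0`; left unanchored it would also fire on an
        // embedded or appended PE, which the absolute-offset terms below never intended.
        $genep1 = {4D 5A 90 00 03 00}
        // Code fragment expected within 0x5d90..0x5d9f of the file.
        $contep1 = {4D D0 FF EB 22 C7 85 78 FF FF FF 1C 00 00 00 EB}
        // ASCII "/www.thawte.com/" (identical bytes to the original hex form), expected
        // within 0x27e70..0x27e7f; presumably a certificate URL from a signature blob,
        // which cannot be confirmed from the rule alone.
        $contep2 = "/www.thawte.com/"

    condition:
        // Anchoring the MZ stub to offset 0 tightens the rule without losing any
        // intended hit: the other two terms already assume absolute file offsets.
        $genep1 at 0 and
        $contep1 in (0x5d90..0x5d9f) and
        $contep2 in (0x27e70..0x27e7f)
}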