Sneed-Group/Sneed-Reactivity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Sneed-Reactivity/yara-mikesxrs/plxsertr/ntserverdll.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK 
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

22 lines
No EOL
753 B
Text
Raw Permalink Blame History

rule StormNtServerDLL : ntserverdll
{
meta:
author = "plxsert"
date = "2014-02-04"
description = "Storm ntserver dll"
sample_filetype = "dll"
strings:
$string0 = "GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.aspGET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.htmlGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.aspGET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.html"
$string1 = "Network China NetBot" fullword
//$string2 = "Windows China Driver" fullword
$string3 = "Made in China DDoS" fullword
$string4 = "SerDLL.dll" fullword
$string5 = "Accept-Language: zh-cn" fullword
$string6 = "dddd asdfddddf" fullword
condition:
all of ($string*)
}
Reference in a new issue View git blame Copy permalink