Sneed-Group/Sneed-Reactivity
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Sneed-Reactivity/yara-mikesxrs/Fireeye/FE_APT_9002_rat.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK 
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

19 lines
No EOL
334 B
Text
Raw Blame History

rule FE_APT_9002_rat
{
meta:
author = "FireEye Labs"
reference = "https://www.fireeye.com/blog/threat-research/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html"
strings:
$mz = {4d 5a}
$a = "rat_UnInstall" wide ascii
condition:
($mz at 0) and $a
}
Reference in a new issue View git blame Copy permalink