Sneed-Reactivity/yara-mikesxrs/Novetta/Derusbi_Server.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

15 lines
353 B
Text

rule Derusbi_Server
{
meta:
Author = "Novetta"
Reference = "http://www.novetta.com/wp-content/uploads/2014/11/Derusbi.pdf"
strings:
$uuid = "{93144EB0-8E3E-4591-B307-8EEBFE7DB28F}" wide ascii
$infectionID1 = "-%s-%03d"
$infectionID2 = "-%03d"
$other = "ZwLoadDriver"
condition:
$uuid or ($infectionID1 and $infectionID2 and $other)
}