Sneed-Group/Sneed-Reactivity
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Sneed-Reactivity/yara-mikesxrs/US CERT/APT29_IMPLANT_12.yara
Sam Sneed 08e8d462fe OMG ISTG PLS WORK 
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

13 lines
318 B
Text
Raw Blame History

rule IMPLANT_12_v1
{
meta:
author = "US-CERT"
description = "CosmicDuke"
reference = "https://www.us-cert.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf"
strings:
$FUNC = {a1 [3-5] 33 c5 89 [2-3] 56 57 83 [4-6] 64}
condition:
(uint16(0) == 0x5A4D) and $FUNC
}
Reference in a new issue View git blame Copy permalink