Sneed-Reactivity/yara-mikesxrs/alienvault/APT1_known_malicious_RARSilent.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

14 lines
No EOL
412 B
Text

rule APT1_known_malicious_RARSilent
{
meta:
author = "AlienVault Labs"
info = "CommentCrew-threat-apt1"
strings:
$str1 = "Analysis And Outlook.doc\"" wide ascii
$str2 = "North Korean launch.pdf\"" wide ascii
$str3 = "Dollar General.doc\"" wide ascii
$str4 = "Dow Corning Corp.pdf\"" wide ascii
condition:
1 of them and APT1_RARSilent_EXE_PDF
}