Sneed-Reactivity/yara-mikesxrs/alienvault/sandboxdetect_misc.yar

/*
 * Informational rule: flags files that embed strings commonly checked for
 * when code tries to tell whether it is running inside an analysis sandbox.
 *
 * Triage notes:
 *  - A hit only means one of the strings is present in the scanned data. It
 *    does not show that the check is executed, and packed or encrypted
 *    samples will not match until unpacked.
 *  - Security tooling and research code that enumerates sandbox artefacts
 *    can carry the same strings, so treat a hit as context (severity 1),
 *    not as a verdict.
 */
rule sandboxdetect_misc : sandboxdetect
{
    meta:
        author      = "AlienVault Labs"
        type        = "info"
        severity    = 1
        description = "Sandbox detection tricks"

    strings:
        // Sandboxie: name of its injected helper DLL (SbieDll.dll).
        // nocase because the module name appears in mixed case in practice.
        $sbxie1 = "sbiedll" nocase ascii wide

        // Windows ProductId values associated with sandbox guest images.
        // The original rule labels this group "CWSandbox".
        // NOTE(review): public anti-sandbox lists usually attribute these three
        // IDs to different products (Joe Sandbox, CWSandbox and Anubis
        // respectively) - confirm before relying on a per-ID mapping.
        $prodid1 = "55274-640-2673064-23950" ascii wide
        $prodid2 = "76487-644-3177037-23510" ascii wide
        $prodid3 = "76487-337-8429955-22614" ascii wide

        // Joe Sandbox process names. These are matched case-sensitively
        // (no nocase modifier), in both ASCII and UTF-16LE form.
        $proc1 = "joeboxserver" ascii wide
        $proc2 = "joeboxcontrol" ascii wide

    condition:
        // A single indicator is enough; the rule is deliberately broad.
        1 of them
}