Sneed-Reactivity/yara-mikesxrs/kaspersky/apt_ProjectSauron_encryption.yar

import "pe"
import "math"
rule apt_ProjectSauron_encryption {
    // Kaspersky Lab signature for the string-encryption code attributed to
    // ProjectSauron. The rule fires when any one of three byte patterns is
    // present in a file smaller than 5,000,000 bytes.
    //
    // Deployment notes for reviewers:
    //   - The condition has no file-format gate (no header/magic check), so
    //     every scanned object under the size limit is searched, not only
    //     executables.
    //   - A single pattern is enough to match; $a1 is only 12 bytes long with
    //     three wildcard bytes, so measure its false-positive rate on a clean
    //     corpus before wiring this rule to alerting.
    //   - This rule does not use the "pe" or "math" modules imported at the
    //     top of the file.
    //   - The reference below points at a blog index rather than a specific
    //     report.
    meta:
        copyright = "Kaspersky Lab"
        description = "Rule to detect ProjectSauron string encryption"
        version = "1.0"
        reference = "https://securelist.com/blog/"

    strings:
        // NOTE(review): looks like an x86 compare against a 32-bit immediate
        // followed by a short conditional jump and a load at offset 6;
        // wildcards cover the ModRM bytes and the jump distance. Confirm
        // against a disassembly.
        $a1 = { 81 ?? 02 AA 02 C1 75 ?? 8B ?? 06 85 }

        // Fixed 28-byte blob with no wildcards.
        // NOTE(review): inverting each byte gives ASCII that resembles
        // "kernel32.dll!GetProcAddress" stored in reversed 4-byte groups,
        // which would be an obfuscated API name; verify against the vendor
        // write-up.
        $a2 = { 91 8D 9A 94 CD CC 93 9A 93 93 9B D1 8B 9A B8 DE 9C 90 8D AF 8D 9B 9B BE 8C 8C 9A FF }

        // NOTE(review): presumably four consecutive single-byte compares
        // (values 22, 9F, BE, 09 at offsets 0..3), each followed by a short
        // conditional jump whose distance is wildcarded; confirm.
        $a3 = { 80 3E 22 57 75 ?? 80 7E 01 9F 75 ?? 80 7E 02 BE 75 ?? 80 7E 03 09 }

    condition:
        // Cheap size check first, then the pattern test.
        filesize < 5000000 and
        any of ($a1, $a2, $a3)
}