Sneed-Group/Sneed-Reactivity
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Sneed-Reactivity/yara-mikesxrs/one offs/nettraveler.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK 
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

26 lines
923 B
Text
Raw Blame History

/*
Rules generated from APT Report NetTraveler
http://www.securelist.com/en/blog/8105/NetTraveler_is_Running_Red_Star_APT_Attacks_Compromise_High_Profile_Victims
*/
rule APT_Malware_BAT_Contents {
meta: description = "APT Malware Batch File Contents" threat_level = 10 score = 60
strings:
$a1 = ">nul del"
$a2 = "service.exe"
$a3 = "service.dll"
condition: all of them
}
rule APT_Malware_NetTraveler_Saker {
meta: description = "APT Malware NetTraveler Saker" threat_level = 10 score = 50
strings:
$a1 = "JustTempFun" fullword
$a2 = "servicemain" nocase fullword
condition: all of them
}
rule APT_Malware_NetTraveler_Trojan {
meta: description = "APT Malware NetTraveler Trojan" threat_level = 10 score = 65
strings:
$a1 = "Get From IEOption!"
$a2 = "Get From Reg!"
condition: all of them
}
Reference in a new issue View git blame Copy permalink