
rule apt_c16_win_wateringhole
{
    meta:
        author = "@dragonthreatlab"
        description = "Detects code from APT wateringhole"
        date = "2015/01/11"
        reference = "http://blog.dragonthreatlabs.com/2015/01/dtl-12012015-01-hong-kong-swc-attack.html"
    strings:
        // Function names from the injected JavaScript described in the
        // referenced write-up; these are the campaign-specific indicators.
        $js_runmumaa   = "function runmumaa()"
        $js_mosaklges7 = "function MoSaklgEs7(k)"
        // PowerShell fragment that base64-decodes, inflates and evaluates a
        // payload. NOTE(review): this is a generic loader idiom rather than
        // something unique to this campaign, so a hit on this string alone is
        // a weaker signal than a hit on either function name and may need
        // triage. The string is ASCII-only (no `wide` modifier), so a
        // UTF-16LE copy of the same script would not match.
        $ps_deflate_iex = "Invoke-Expression $(New-Object IO.StreamReader ($(New-Object IO.Compression.DeflateStream ($(New-Object IO.MemoryStream (,$([Convert]::FromBase64String("
    condition:
        // Same as the original `any of ($str*)`: every declared string fell
        // under that wildcard, so a single hit on any of the three fires.
        any of them
}