Sneed-Reactivity/yara-mikesxrs/Mikesxrs/Final1stspy_PDB.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00

17 lines
546 B
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

rule Final1stspy_PDB
{
meta:
author = "mikesxrs"
description = "PDB Path in malware"
reference = "https://researchcenter.paloaltonetworks.com/2018/10/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/"
strings:
$STR1= "E:\\Final Project(20180108)\\Final1stspy\\LoadDll\\Release\\LoadDll.pdb"
$STR2= "E:\\Final Project(20180108)\\Final1stspy\\hadowexecute Copy\\Release\\hadowexecute.pdb"
$STR3= "E:\\Final Project(20180108)\\Final1stspy\\"
condition:
any of them
}