08e8d462fe
RED PILL 🔴 💊
16 lines
501 B
Text
16 lines
501 B
Text
rule KONNI_PDB
|
|
{
|
|
meta:
|
|
author = "mikesxrs"
|
|
description = "PDB Path in malware"
|
|
reference = "https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/"
|
|
|
|
strings:
|
|
$STR1= "C:\\Users\\zeus\\Documents\\Visual Studio 2010\\Projects\\virus-dropper\\Release\\virus-dropper.pdb"
|
|
$STR2= "C:\\Users\\zeus\\Documents\\Visual Studio 2010\\Projects\\"
|
|
$STR3= "\\virus-dropper\\Release\\virus-dropper.pdb"
|
|
|
|
condition:
|
|
any of them
|
|
|
|
}
|