Sneed-Reactivity/yara-mikesxrs/crowdstrike/CrowdStrike_ PutterPanda _06 _ xor_dropper putterpanda.yar

// Flags data containing the 19-byte machine-code sequence of a rolling-XOR
// decode loop, which the rule's metadata attributes to a PUTTER PANDA dropper.
// Tags: xor_dropper, putterpanda.
rule CrowdStrike_PutterPanda_06 : xor_dropper putterpanda
{
meta:
// Metadata is informational only; it does not affect matching.
description = "PUTTER PANDA - XOR based dropper"
date = "2014-03-30"
version = "1.0"
in_the_wild = true
copyright = "CrowdStrike, Inc."
actor = "PUTTER PANDA"
strings:
// Exact byte pattern with no wildcards or jumps. Decoded as 32-bit x86 it reads:
//   8b d0        mov  edx, eax            ; copy loop index
//   83 e2 0f     and  edx, 0x0f           ; index modulo 16
//   8a 54 14 04  mov  dl, [esp+edx+4]     ; fetch key byte from a stack buffer
//   30 14 01     xor  [ecx+eax], dl       ; XOR one byte of the buffer in place
//   83 c0 01     add  eax, 1              ; next byte
//   3b c6        cmp  eax, esi            ; compare index with length
//   7c ed        jl   -0x13               ; loop back to the first instruction
// i.e. an in-place XOR of esi bytes at ecx with a repeating 16-byte key.
// The fixed register allocation and the [esp+4] key offset make the pattern
// specific to one compiled build; a recompiled variant would presumably not match.
$xorloop = { 8b d0 83 e2 0f 8a 54 14 04 30 14 01 83 c0 01 3b c6 7c ed }
condition:
// Matches if the sequence occurs anywhere in the scanned data; there is no
// file-type (e.g. PE header) or filesize constraint.
// NOTE(review): a single short code pattern with no other corroborating
// condition; validate against a known-clean corpus before using it for
// automated blocking, and treat a hit as a triage lead rather than attribution.
$xorloop
}