Sneed-Reactivity/yara-mikesxrs/paloalto/general_win_dll_golang_socks.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00


import "pe"
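// Narrows the general_win_golang_socks rule to PE files that are DLLs.
//
// Dependency: general_win_golang_socks is not defined in this file. YARA only
// resolves references to rules that appear earlier in the same compilation
// unit, so the file that defines it has to be compiled or included before this
// one. Otherwise compilation fails with an undefined identifier error.
//
// NOTE(review): the Go/SOCKS indicators themselves presumably live in the
// referenced rule. This rule contributes only the DLL constraint, so its
// false-positive rate is bounded by that of the base rule. Confirm against the
// base rule's definition.
rule general_win_dll_golang_socks
{
    meta:
        author = "paloaltonetworks"
        date = "2022-03-13"
        description = "Highly suspicious GO DLL with proxy communication capabilities"
        reference = "https://unit42.paloaltonetworks.com/popping-eagle-malware/"

    condition:
        // pe.is_dll() tests the DLL bit of the COFF characteristics field, which
        // is the same check as (pe.characteristics & pe.DLL). The duplicate
        // bitmask test was dropped; the set of matching files is unchanged.
        general_win_golang_socks and
        pe.is_dll()
}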