Sneed-Reactivity/yara-mikesxrs/Mikesxrs/KONNI_PDB.yar
Sam Sneed 08e8d462fe OMG ISTG PLS WORK
RED PILL 🔴 💊
2024-07-25 12:43:35 -05:00


// Flags content that embeds a specific PDB (debug-symbol) path, or either
// half of that path. The rule name and the reference in meta attribute the
// path to KONNI malware.
//
// Triage notes:
//   - $STR2 is the leading part of $STR1 and $STR3 is its trailing part, so
//     anything that matches $STR1 also matches the other two. A hit on $STR1
//     is the most specific; a hit on $STR2 or $STR3 alone is a partial match.
//   - $STR2 alone only identifies the build directory (user "zeus", Visual
//     Studio 2010 Projects folder), not the virus-dropper project. Treat a
//     $STR2-only hit as lower confidence; presumably it is kept to surface
//     other binaries built in the same environment (confirm with the author).
//   - The strings carry no modifiers, so YARA matches them as case-sensitive
//     ASCII; a UTF-16 ("wide") copy of the path would not match.
//   - The condition has no file-type or size constraint, so any scanned
//     content that contains the text matches, e.g. a memory dump or a text
//     report quoting the path, not only PE files.
rule KONNI_PDB
{
    meta:
        author = "mikesxrs"
        description = "PDB Path in malware"
        reference = "https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/"

    strings:
        // Full PDB path.
        $STR1 = "C:\\Users\\zeus\\Documents\\Visual Studio 2010\\Projects\\virus-dropper\\Release\\virus-dropper.pdb"
        // Build-directory prefix only (user profile + VS 2010 Projects folder).
        $STR2 = "C:\\Users\\zeus\\Documents\\Visual Studio 2010\\Projects\\"
        // Project-relative suffix only (independent of the user profile path).
        $STR3 = "\\virus-dropper\\Release\\virus-dropper.pdb"

    condition:
        // One matching string is enough.
        any of ($STR*)
}