qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/Backdoor/MacOS/AppleJeus/Backdoor_MacOS_AppleJeus_A.yar

13 lines
488 B
Plaintext
Raw Permalink Blame History

rule Backdoor_MacOS_AppleJeus_A{
meta:
description = "Backdoor:MacOS/AppleJeus.A,SIGNATURE_TYPE_MACHOHSTR_EXT,02 00 02 00 03 00 00 "
strings :
$a_01_0 = {4d 6f 7a 26 57 69 65 3b 23 74 2f 36 54 21 32 79 } //1 Moz&Wie;#t/6T!2y
$a_01_1 = {2d 2d 6a 65 75 73 0d 0a 43 6f 6e 74 65 6e 74 2d } //1
$a_00_2 = {2f 76 61 72 2f 7a 64 69 66 66 73 65 63 00 46 69 6c 65 20 6f 70 65 6e 20 66 61 69 6c 65 64 00 } //1
condition:
((#a_01_0 & 1)*1+(#a_01_1 & 1)*1+(#a_00_2 & 1)*1) >=2
}
Reference in New Issue View Git Blame Copy Permalink