qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/Backdoor/Win32/Nethief/Backdoor_Win32_Nethief_Y.yar

19 lines
994 B
Plaintext
Raw Blame History

rule Backdoor_Win32_Nethief_Y{
meta:
description = "Backdoor:Win32/Nethief.Y,SIGNATURE_TYPE_PEHSTR,03 00 03 00 09 00 00 01 00 "
strings :
$a_01_0 = {6e 65 74 68 69 65 66 2d 63 61 6c 6c 62 6f 61 72 64 2f 4e 65 74 } //01 00 nethief-callboard/Net
$a_01_1 = {4e 65 74 68 69 65 66 20 69 73 20 74 65 73 74 69 6e 67 2e 2e 2e 21 } //01 00 Nethief is testing...!
$a_01_2 = {4e 65 74 68 69 65 66 5f 53 65 72 76 65 72 } //01 00 Nethief_Server
$a_01_3 = {4e 65 74 68 69 65 66 5f 43 6f 6e 6e 65 63 74 2e } //01 00 Nethief_Connect.
$a_01_4 = {4e 65 74 68 69 65 66 5f 4e 6f 74 69 66 79 2e } //01 00 Nethief_Notify.
$a_01_5 = {68 69 65 66 5f 53 65 72 76 65 72 20 2d } //01 00 hief_Server -
$a_01_6 = {64 65 6c 20 4e 65 74 68 69 65 66 } //01 00 del Nethief
$a_01_7 = {74 68 69 65 66 5f 43 61 6c 6c 62 6f 61 72 64 2e 64 61 74 } //01 00 thief_Callboard.dat
$a_01_8 = {74 68 69 65 66 5f 56 65 72 73 69 6f 6e 2e 64 61 74 } //00 00 thief_Version.dat
condition:
any of ($a_*)
}
Reference in New Issue View Git Blame Copy Permalink