qwqdanchun
/
DefenderYara
mirror of https://github.com/qwqdanchun/DefenderYara.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DefenderYara/Backdoor/Win32/Venik/Backdoor_Win32_Venik_CnC.yar

12 lines
327 B
Plaintext
Raw Blame History

rule Backdoor_Win32_Venik_CnC{
meta:
description = "Backdoor:Win32/Venik!CnC,SIGNATURE_TYPE_PEHSTR_EXT,64 00 64 00 01 00 00 01 00 "
strings :
$a_01_0 = {3d 16 00 00 20 0f 87 07 01 00 00 0f 84 cc 00 00 00 3d 12 00 00 20 77 7d 74 65 3d 06 00 00 20 } //00 00
$a_00_1 = {5d } //04 00 ]
condition:
any of ($a_*)
}
Reference in New Issue View Git Blame Copy Permalink