11 lines
363 B
Plaintext
11 lines
363 B
Plaintext
|
|
rule TrojanDownloader_O97M_Emotet_PKEE_MTB{
|
|
meta:
|
|
description = "TrojanDownloader:O97M/Emotet.PKEE!MTB,SIGNATURE_TYPE_MACROHSTR_EXT,01 00 01 00 01 00 00 01 00 "
|
|
|
|
strings :
|
|
$a_01_0 = {6a 69 6d 6c 6f 77 72 79 2e 63 6f 6d 2f 39 74 61 67 2f 4d 76 32 5a 59 59 36 31 4e 42 4f 66 38 2f } //00 00 jimlowry.com/9tag/Mv2ZYY61NBOf8/
|
|
condition:
|
|
any of ($a_*)
|
|
|
|
} |