DefenderYara/TrojanSpy/BAT/Taktace/TrojanSpy_BAT_Taktace_A.yar


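rule TrojanSpy_BAT_Taktace_A{
    // String signature for TrojanSpy:BAT/Taktace.A, carried over from a
    // SIGNATURE_TYPE_PEHSTR_EXT record (see the description field).
    //
    // Matching policy: the previous condition, `any of ($a_*)`, fired on a
    // single hit, including a bare 5-byte pattern and the generic phrase
    // "TRACK AND TRACE". That makes false positives on unrelated files very
    // likely. The rule now needs several indicators to co-occur.
    //
    // NOTE(review): the header bytes `09 00 07 00 09 00 00` in the description
    // presumably encode the original thresholds (9 and 7) over 9 unit-weight
    // strings. Confirm against the source signature format. 7 is used here
    // because it is the lower value, so this rule is never stricter than
    // either reading of the header.
    meta:
        description = "TrojanSpy:BAT/Taktace.A,SIGNATURE_TYPE_PEHSTR_EXT,09 00 07 00 09 00 00 01 00 "
    strings:
        // UTF-16LE marker strings.
        $a_01_0 = {51 00 2d 00 31 00 2d 00 71 00 } // "Q-1-q" (UTF-16LE)
        $a_01_1 = {51 00 2d 00 32 00 2d 00 71 00 } // "Q-2-q" (UTF-16LE)
        $a_01_2 = {51 00 2d 00 33 00 2d 00 71 00 } // "Q-3-q" (UTF-16LE)
        $a_01_3 = {54 00 52 00 41 00 43 00 4b 00 20 00 41 00 4e 00 44 00 20 00 54 00 52 00 41 00 43 00 45 00 } // "TRACK AND TRACE" (UTF-16LE)

        // NUL-terminated ASCII identifiers. The earlier comments on some of
        // these were the same bytes mis-decoded as UTF-16, which produced CJK
        // garbage. The names suggest DNS-based data transfer and drive
        // enumeration; that reading is inferred from the names only.
        $a_01_4 = {74 72 61 63 6b 61 6e 64 74 72 61 63 65 00 } // "trackandtrace"
        $a_01_5 = {53 6e 69 70 49 6e 74 6f 53 75 62 64 6f 6d 61 69 6e 73 00 } // "SnipIntoSubdomains"
        $a_01_6 = {73 65 6e 64 44 4e 53 73 74 72 69 6e 67 00 } // "sendDNSstring"
        $a_01_7 = {67 65 74 44 72 69 76 65 73 43 6f 6e 74 65 6e 74 00 } // "getDrivesContent"
        $a_01_8 = {62 79 74 65 73 5f 70 65 72 5f 64 6e 73 00 } // "bytes_per_dns"

        // Dropped: $a_00_9 = {5d 04 00 00 28 } //26 03
        // Its identifier marks it as weight 00, and it looks like trailing
        // record bytes rather than a sample string (TODO confirm). At 5 bytes
        // it is far too short to act as an indicator on its own. It is kept
        // only as a comment because YARA rejects strings that the condition
        // never references.
    condition:
        7 of ($a_01_*)
}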