valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 18:15:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: trying to fix a minor issue with a rule condition

Browse Source
This commit is contained in:
Florian Roth 2020-12-09 09:27:15 +01:00
parent a0b73e5c10
commit 82b0f0cbb9
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
yara/gen_fireeye_redteam_tools.yar
View File

@ -1301,11 +1301,11 @@ rule APT_Builder_PY_REDFLARE_2
rev = 1
author = "FireEye"
strings:
$1 = "<510sxxII"
$2 = "0x43,0x00,0x3a,0x00,0x5c,0x00,0x57,0x00,0x69,0x00,0x6e,0x00,0x64,0x00,0x6f,0x00,"
$3 = "parsePluginOutput"
$s1 = "<510sxxII"
$s2 = "0x43,0x00,0x3a,0x00,0x5c,0x00,0x57,0x00,0x69,0x00,0x6e,0x00,0x64,0x00,0x6f,0x00,"
$s3 = "parsePluginOutput"
condition:
all of them and #2 == 2
all of them and #s2 == 2
}
rule APT_Loader_Win32_DShell_3
{