valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-07 02:25:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #3 from jonaslejon/master

Browse Source 
Add new mimkatz yara-signature
This commit is contained in:
Florian Roth 2016-08-15 14:51:19 +02:00 committed by GitHub
commit 9a23aba2c4
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
yara/gen_kirbi_mimkatz.yar Normal file
View File

@ -0,0 +1,22 @@
/*
Yara Rule Set
Author: Didier Stevens
Date: 2016-08-13
Identifier: KiRBi ticket for mimikatz
*/
/* Rule Set ----------------------------------------------------------------- */
rule mimikatz_kirbi_ticket
{
meta:
description = "KiRBi ticket for mimikatz"
author = "Benjamin DELPY (gentilkiwi); Didier Stevens"
strings:
$asn1 = { 76 82 ?? ?? 30 82 ?? ?? a0 03 02 01 05 a1 03 02 01 16 }
$asn1_84 = { 76 84 ?? ?? ?? ?? 30 84 ?? ?? ?? ?? a0 84 00 00 00 03 02 01 05 a1 84 00 00 00 03 02 01 16 }
condition:
$asn1 at 0 or $asn1_84 at 0
}