valitydev/signature-base
14
0
Fork 0
mirror of https://github.com/valitydev/signature-base.git synced 2024-11-06 10:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
master
signature-base/yara/gen_kirbi_mimkatz.yar
Florian Roth c523ec8d63 fix: big false positive cleanup
2019-10-24 16:49:56 +02:00

23 lines
628 B
Plaintext
Raw Permalink Blame History

/*
Yara Rule Set
Author: Didier Stevens
Date: 2016-08-13
Identifier: KiRBi ticket for mimikatz
*/
/* Rule Set ----------------------------------------------------------------- */
rule mimikatz_kirbi_ticket
{
meta:
description = "KiRBi ticket for mimikatz"
author = "Benjamin DELPY (gentilkiwi); Didier Stevens"
strings:
$asn1 = { 76 82 ?? ?? 30 82 ?? ?? a0 03 02 01 05 a1 03 02 01 16 }
$asn1_84 = { 76 84 ?? ?? ?? ?? 30 84 ?? ?? ?? ?? a0 84 00 00 00 03 02 01 05 a1 84 00 00 00 03 02 01 16 }
condition:
$asn1 at 0 or $asn1_84 at 0
}
Reference in New Issue View Git Blame Copy Permalink