signature-base/yara/crime_malumpos.yar


// Detects MalumPOS (point-of-sale RAM scraper) by five strings that must ALL be present (see condition).
// NOTE(review): there is no magic-byte or filesize guard; the description says "memory dumper",
// so the rule may be meant for memory scans rather than on-disk files — confirm before adding
// something like uint16(0) == 0x5A4D, which would stop it matching in-memory regions.
rule PoS_Malware_MalumPOS
{
meta:
author = "Trend Micro, Inc."
date = "2015-05-25"
description = "Used to detect MalumPOS memory dumper"
// NOTE(review): key name appears misspelled in the original (probably "sample_filetype"); kept as-is
// because downstream tooling may already read this key.
sample_filtype = "exe"
strings:
// Looks like the registry path of the Delphi runtime library — a compiler artefact that other
// Delphi-built binaries likely share, so it is only meaningful in conjunction with the rest.
$string1 = "SOFTWARE\\Borland\\Delphi\\RTL"
// Text string (not a YARA regex): the content looks like a regex fragment for a 13–19 digit run
// ending in a literal backslash ("\\" is one backslash in a YARA text string) — presumably the
// sample's own card-number pattern; verify against the sample.
$string2 = "B)[0-9]{13,19}\\"
// Text string: looks like a regex fragment for "letters/letters" with optional whitespace,
// again ending in a literal backslash.
$string3 = "[A-Za-z\\s]{0,30}\\/[A-Za-z\\s]{0,30}\\"
// Error message text from the TRegExpr library; its presence is consistent with the regex
// engine being compiled into the binary, but like $string1 it is a library artefact.
$string4 = "TRegExpr(exec): ExecNext Without Exec[Pos]"
// YARA regex (note the / delimiters): a source path under Y:\PROGRAMS\ ending in ".pas",
// with .{20,300} as a bounded wildcard for the intermediate path components.
$string5 = /Y:\\PROGRAMS\\.{20,300}\.pas/
condition:
// Conjunction of all five; the generic Delphi/TRegExpr strings ($string1, $string4) are what
// make the rule rely on the more specific $string2, $string3 and $string5 also matching.
all of ($string*)
}