/*
Yara Rule Set
Author: Didier Stevens
Date: 2016-08-13
Identifier: KiRBi ticket for mimikatz
*/
/* Rule Set ----------------------------------------------------------------- */
// Flags files that begin with a DER-encoded Kerberos KRB-CRED message,
// the structure stored in .kirbi ticket files.
//
// The pattern contains only generic Kerberos header fields, so it matches
// any KRB-CRED blob with this encoding, whichever tool wrote it. Treat a
// hit as "exported Kerberos ticket on disk" and triage by location/owner.
rule mimikatz_kirbi_ticket
{
    meta:
        description = "KiRBi ticket for mimikatz"
        author = "Benjamin DELPY (gentilkiwi)"
    strings:
        // 76 82 ?? ??     [APPLICATION 22] (KRB-CRED), two-octet length
        // 30 82 ?? ??     SEQUENCE, two-octet length
        // a0 03 02 01 05  [0] INTEGER 5   -> pvno = 5
        // a1 03 02 01 16  [1] INTEGER 22  -> msg-type = 22 (KRB-CRED)
        //
        // Both length fields are fixed to the 0x82 form, so blobs whose outer
        // or SEQUENCE length uses another form (0x81, 0x83, 0x84) do not match.
        // NOTE(review): if the encoders in scope emit four-octet (0x84) lengths,
        // a second pattern would be needed; confirm against real samples.
        $asn1 = { 76 82 ?? ?? 30 82 ?? ?? a0 03 02 01 05 a1 03 02 01 16 }
    condition:
        // Anchored at offset 0: only raw ticket files match. A ticket that is
        // base64-encoded or embedded inside another file is not detected.
        $asn1 at 0
}