Skip to content

R
rules
Switch branch/tag
Find file
BlameHistoryPermalink
RomeoEcho.yara 288 Bytes
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 
import "pe"

rule RomeoEcho
{
	meta:
		copyright = "2015 Novetta Solutions"
		author = "Novetta Threat Research & Interdiction Group - trig@novetta.com"

	strings:
		$ = "%s %-20s %10lu %s"
		$ = "_quit"
		$ = "_exe"
		$ = "_put"
		$ = "_get"

	condition:
		all of them
}