Skip to content

R
rules
Commit 194737d4 by mmorenog Committed by GitHub
Options

Update RANSOM_MS17-010_Wannacrypt.yar

parent 67cd0406
Showing with 2 additions and 4 deletions
malware/RANSOM_MS17-010_Wannacrypt.yar
...@@ -249,10 +249,8 @@ rule lazaruswannacry { ...@@ -249,10 +249,8 @@ rule lazaruswannacry {
hash = "9c7c7149387a1c79679a87dd1ba755bc" hash = "9c7c7149387a1c79679a87dd1ba755bc"
hash = "ac21c8ad899727137c4b94458d7aa8d8" hash = "ac21c8ad899727137c4b94458d7aa8d8"
strings: strings:
$a1 = { 51 53 55 8B 6C 24 10 56 57 6A 20 8B 45 00 8D 75 $a1 = { 51 53 55 8B 6C 24 10 56 57 6A 20 8B 45 00 8D 75 04 24 01 0C 01 46 89 45 00 C6 46 FF 03 C6 06 01 46 56 E8 }
04 24 01 0C 01 46 89 45 00 C6 46 FF 03 C6 06 01 46 $a2 = { 03 00 04 00 05 00 06 00 08 00 09 00 0A 00 0D 00
56 E8 }
$a2 = { 03 00 04 00 05 00 06 00 08 00 09 00 0A 00 0D 00
10 00 11 00 12 00 13 00 14 00 15 00 16 00 2F 00 10 00 11 00 12 00 13 00 14 00 15 00 16 00 2F 00
30 00 31 00 32 00 33 00 34 00 35 00 36 00 37 00 30 00 31 00 32 00 33 00 34 00 35 00 36 00 37 00
38 00 39 00 3C 00 3D 00 3E 00 3F 00 40 00 41 00 38 00 39 00 3C 00 3D 00 3E 00 3F 00 40 00 41 00
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment