Skip to content

R
rules
Commit 2551753b by mmorenog
Options

Update IndiaBravo.yara

parent 641023d9
Showing with 1 additions and 19 deletions
malware/Operation_Blockbuster/IndiaBravo.yara
...@@ -69,25 +69,7 @@ rule IndiaBravo_RomeoBravo ...@@ -69,25 +69,7 @@ rule IndiaBravo_RomeoBravo
FF 15 6C E7 40 00 call CloseHandle_9 FF 15 6C E7 40 00 call CloseHandle_9
*/ */
$a = { $a = {E8 [4] 68 [2] 00 00 68 [4] A3 [4] 89 15 [4] E8 [4] 83 C4 08 8D [3] 6A 00 5? 68 [2] 00 00 68 [4] 5? FF 15 [4] 5? FF 15}
E8 [4]
68 [2] 00 00
68 [4]
A3 [4]
89 15 [4]
E8 [4]
83 C4 08
8D [3]
6A 00
5?
68 [2] 00 00
68 [4]
5?
FF 15 [4]
5?
FF 15
}
$b1 = "tmscompg.msi" wide $b1 = "tmscompg.msi" wide
$b2 = "cvrit000.bat" $b2 = "cvrit000.bat"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment