Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
R
rules
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
fact-depend
rules
Commits
287d4f63
Commit
287d4f63
authored
Mar 17, 2016
by
mmorenog
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #100 from seifreed/patch-15
Create CredStealer
parents
97d83351
12fe5912
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
13 additions
and
0 deletions
+13
-0
CredStealer
malware/CredStealer
+13
-0
No files found.
malware/CredStealer
0 → 100644
View file @
287d4f63
rule CredStealESY : For CredStealer
{
meta:
description = "Generic Rule to detect the CredStealer Malware"
author = "IsecG – McAfee Labs"
reference = "https://blogs.mcafee.com/mcafee-labs/when-hackers-get-hacked-the-malware-servers-of-a-data-stealing-campaign/"
date = "2015/05/08"
strings:
$my_hex_string = "CurrentControlSet\\Control\\Keyboard Layouts\\" wide //malware trying to get keyboard layout
$my_hex_string2 = {89 45 E8 3B 7D E8 7C 0F 8B 45 E8 05 FF 00 00 00 2B C7 89 45 E8} //specific decryption module
condition:
$my_hex_string and $my_hex_string2
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
