Skip to content

R
rules
Commit 641023d9 by mmorenog
Options

Update IndiaBravo.yara

parent 3ec9332b
Showing with 2 additions and 11 deletions
malware/Operation_Blockbuster/IndiaBravo.yara
...@@ -32,15 +32,7 @@ rule IndiaBravo_RomeoCharlie ...@@ -32,15 +32,7 @@ rule IndiaBravo_RomeoCharlie
75 08 jnz short loc_4043F0 75 08 jnz short loc_4043F0
*/ */
$a = { $a = {50 68 7E 66 04 80 8B 8D [4] 51 FF 15 [4] 83 F8 FF 75}
50
68 7E 66 04 80
8B 8D [4]
51
FF 15 [4]
83 F8 FF
75
}
$b1 = "xc123465-efff-87cc-37abcdef9" $b1 = "xc123465-efff-87cc-37abcdef9"
$b2 = "[Check] - PORT ERROR..." wide $b2 = "[Check] - PORT ERROR..." wide
$b3 = "%sd.e%sc n%ssh%srewa%s ad%s po%sop%sing T%s %d" $b3 = "%sd.e%sc n%ssh%srewa%s ad%s po%sop%sing T%s %d"
...@@ -119,4 +111,4 @@ rule IndiaBravo_generic ...@@ -119,4 +111,4 @@ rule IndiaBravo_generic
condition: condition:
all of them all of them
} }
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment